{
  "statistics": {
    "processing": [
      {
        "name": "CAPE",
        "time": 0.0
      },
      {
        "name": "AnalysisInfo",
        "time": 0.018
      },
      {
        "name": "BehaviorAnalysis",
        "time": 0.285
      },
      {
        "name": "Debug",
        "time": 0.001
      },
      {
        "name": "NetworkAnalysis",
        "time": 0.0
      },
      {
        "name": "UrlAnalysis",
        "time": 0.483
      },
      {
        "name": "script_log_processing",
        "time": 0.001
      },
      {
        "name": "ProcessMemory",
        "time": 0.0
      }
    ],
    "signatures": [
      {
        "name": "packer_themida",
        "time": 0.0
      },
      {
        "name": "stealth_network",
        "time": 0.0
      },
      {
        "name": "disable_driver_via_blocklist",
        "time": 0.0
      },
      {
        "name": "disable_driver_via_hvcidisallowedimages",
        "time": 0.0
      },
      {
        "name": "disable_hypervisor_protected_code_integrity",
        "time": 0.0
      },
      {
        "name": "pendingfilerenameoperations_Operations",
        "time": 0.0
      },
      {
        "name": "anomalous_deletefile",
        "time": 0.0
      },
      {
        "name": "antiav_360_libs",
        "time": 0.0
      },
      {
        "name": "antiav_ahnlab_libs",
        "time": 0.0
      },
      {
        "name": "antiav_avast_libs",
        "time": 0.0
      },
      {
        "name": "antiav_bitdefender_libs",
        "time": 0.0
      },
      {
        "name": "antiav_bullguard_libs",
        "time": 0.0
      },
      {
        "name": "antiav_emsisoft_libs",
        "time": 0.0
      },
      {
        "name": "antiav_qurb_libs",
        "time": 0.0
      },
      {
        "name": "antiav_servicestop",
        "time": 0.0
      },
      {
        "name": "antiav_apioverride_libs",
        "time": 0.0
      },
      {
        "name": "antidebug_guardpages",
        "time": 0.0
      },
      {
        "name": "antidebug_ntcreatethreadex",
        "time": 0.0
      },
      {
        "name": "antiav_nthookengine_libs",
        "time": 0.0
      },
      {
        "name": "antidebug_outputdebugstring",
        "time": 0.0
      },
      {
        "name": "antidebug_setunhandledexceptionfilter",
        "time": 0.0
      },
      {
        "name": "antidebug_windows",
        "time": 0.0
      },
      {
        "name": "antisandbox_cuckoo",
        "time": 0.0
      },
      {
        "name": "antisandbox_cuckoocrash",
        "time": 0.0
      },
      {
        "name": "antisandbox_foregroundwindows",
        "time": 0.0
      },
      {
        "name": "mouse_movement_detect",
        "time": 0.0
      },
      {
        "name": "antisandbox_sboxie_libs",
        "time": 0.0
      },
      {
        "name": "antisandbox_sboxie_objects",
        "time": 0.0
      },
      {
        "name": "antisandbox_script_timer",
        "time": 0.0
      },
      {
        "name": "antisandbox_sleep",
        "time": 0.0
      },
      {
        "name": "antisandbox_sunbelt_libs",
        "time": 0.0
      },
      {
        "name": "antisandbox_unhook",
        "time": 0.0
      },
      {
        "name": "hardware_id_profiling",
        "time": 0.0
      },
      {
        "name": "antivm_directory_objects",
        "time": 0.0
      },
      {
        "name": "antivm_display",
        "time": 0.0
      },
      {
        "name": "antivm_generic_disk",
        "time": 0.0
      },
      {
        "name": "antivm_generic_scsi",
        "time": 0.0
      },
      {
        "name": "antivm_generic_services",
        "time": 0.0
      },
      {
        "name": "antivm_generic_system",
        "time": 0.0
      },
      {
        "name": "antivm_checks_available_memory",
        "time": 0.0
      },
      {
        "name": "detect_virtualization_via_recent_files",
        "time": 0.0
      },
      {
        "name": "antivm_vbox_libs",
        "time": 0.0
      },
      {
        "name": "antivm_vbox_window",
        "time": 0.0
      },
      {
        "name": "antivm_vmware_events",
        "time": 0.0
      },
      {
        "name": "antivm_vmware_libs",
        "time": 0.0
      },
      {
        "name": "antivm_wmi",
        "time": 0.0
      },
      {
        "name": "api_spamming",
        "time": 0.0
      },
      {
        "name": "api_uuidfromstringa",
        "time": 0.0
      },
      {
        "name": "bcdedit_command",
        "time": 0.0
      },
      {
        "name": "bootkit",
        "time": 0.0
      },
      {
        "name": "direct_hdd_access",
        "time": 0.0
      },
      {
        "name": "physical_drive_access",
        "time": 0.0
      },
      {
        "name": "potential_overwrite_mbr",
        "time": 0.0
      },
      {
        "name": "read_file_raw_disk_access",
        "time": 0.0
      },
      {
        "name": "suspicious_iocontrol_codes",
        "time": 0.0
      },
      {
        "name": "browser_needed",
        "time": 0.0
      },
      {
        "name": "firefox_disables_process_tab",
        "time": 0.0
      },
      {
        "name": "amsi_enumeration",
        "time": 0.0
      },
      {
        "name": "regsvr32_squiblydoo_dll_load",
        "time": 0.0
      },
      {
        "name": "suspicious_ntdll_disk_load",
        "time": 0.0
      },
      {
        "name": "direct_syscall_evasion",
        "time": 0.0
      },
      {
        "name": "unbacked_syscall_execution",
        "time": 0.0
      },
      {
        "name": "uac_bypass_cmstp",
        "time": 0.0
      },
      {
        "name": "uac_bypass_eventvwr",
        "time": 0.0
      },
      {
        "name": "uac_bypass_windows_Backup",
        "time": 0.0
      },
      {
        "name": "privilege_elevation_check",
        "time": 0.0
      },
      {
        "name": "queries_computer_name",
        "time": 0.0
      },
      {
        "name": "queries_user_name",
        "time": 0.0
      },
      {
        "name": "creates_largekey",
        "time": 0.0
      },
      {
        "name": "creates_nullvalue",
        "time": 0.0
      },
      {
        "name": "access_windows_passwords_vault",
        "time": 0.0
      },
      {
        "name": "dump_lsa_via_windows_error_reporting",
        "time": 0.0
      },
      {
        "name": "lsass_credential_dumping",
        "time": 0.0
      },
      {
        "name": "critical_process",
        "time": 0.0
      },
      {
        "name": "query_fips_reconnaissance",
        "time": 0.0
      },
      {
        "name": "cryptopool_domains",
        "time": 0.0
      },
      {
        "name": "dead_connect",
        "time": 0.0
      },
      {
        "name": "dead_link",
        "time": 0.0
      },
      {
        "name": "debugs_self",
        "time": 0.0
      },
      {
        "name": "decoy_image",
        "time": 0.0
      },
      {
        "name": "deletes_consolehost_history",
        "time": 0.0
      },
      {
        "name": "deletes_shadow_copies",
        "time": 0.0
      },
      {
        "name": "deletes_system_state_backup",
        "time": 0.0
      },
      {
        "name": "dep_bypass",
        "time": 0.0
      },
      {
        "name": "dep_disable",
        "time": 0.0
      },
      {
        "name": "disables_mappeddrives_autodisconnect",
        "time": 0.0
      },
      {
        "name": "disables_spdy",
        "time": 0.0
      },
      {
        "name": "disables_wfp",
        "time": 0.0
      },
      {
        "name": "add_windows_defender_exclusions",
        "time": 0.0
      },
      {
        "name": "mountpoints_volume_discovery",
        "time": 0.0
      },
      {
        "name": "dll_load_uncommon_file_types",
        "time": 0.0
      },
      {
        "name": "dllload_suspicious_directory",
        "time": 0.0
      },
      {
        "name": "document_script_exe_drop",
        "time": 0.0
      },
      {
        "name": "driver_load",
        "time": 0.0
      },
      {
        "name": "install_kernel_driver_service",
        "time": 0.0
      },
      {
        "name": "malformed_dll_loading",
        "time": 0.0
      },
      {
        "name": "dynamic_function_loading",
        "time": 0.0
      },
      {
        "name": "registers_vectored_exception_handler",
        "time": 0.0
      },
      {
        "name": "exec_crash",
        "time": 0.0
      },
      {
        "name": "process_creation_suspicious_location",
        "time": 0.0
      },
      {
        "name": "exploit_getbasekerneladdress",
        "time": 0.0
      },
      {
        "name": "exploit_gethaldispatchtable",
        "time": 0.0
      },
      {
        "name": "exploit_heapspray",
        "time": 0.0
      },
      {
        "name": "downloads_from_filehosting",
        "time": 0.0
      },
      {
        "name": "generic_phish",
        "time": 0.0
      },
      {
        "name": "http_request",
        "time": 0.0
      },
      {
        "name": "infostealer_browser",
        "time": 0.0
      },
      {
        "name": "infostealer_browser_password",
        "time": 0.0
      },
      {
        "name": "infostealer_cookies",
        "time": 0.0
      },
      {
        "name": "captures_screenshot",
        "time": 0.0
      },
      {
        "name": "injection_createremotethread",
        "time": 0.0
      },
      {
        "name": "creates_suspended_process",
        "time": 0.0
      },
      {
        "name": "injection_explorer",
        "time": 0.0
      },
      {
        "name": "injection_module_stomping_probing",
        "time": 0.0
      },
      {
        "name": "injection_needextension",
        "time": 0.0
      },
      {
        "name": "injection_network_traffic",
        "time": 0.0
      },
      {
        "name": "injection_runpe",
        "time": 0.0
      },
      {
        "name": "section_mapping_injection",
        "time": 0.0
      },
      {
        "name": "injection_themeinitapihook",
        "time": 0.0
      },
      {
        "name": "apc_injection",
        "time": 0.0
      },
      {
        "name": "resumethread_remote_process",
        "time": 0.0
      },
      {
        "name": "injection_write_exe_process",
        "time": 0.0
      },
      {
        "name": "injection_write_process",
        "time": 0.0
      },
      {
        "name": "internet_dropper",
        "time": 0.0
      },
      {
        "name": "interprocess_comms_mutex",
        "time": 0.0
      },
      {
        "name": "interprocess_comms_named_pipe",
        "time": 0.0
      },
      {
        "name": "interprocess_comms_shared_memory",
        "time": 0.0
      },
      {
        "name": "escalate_privilege_via_named_pipe",
        "time": 0.0
      },
      {
        "name": "ipc_namedpipe",
        "time": 0.0
      },
      {
        "name": "js_phish",
        "time": 0.0
      },
      {
        "name": "js_suspicious_redirect",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_internet_explorer_exporter",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_run_exe_helper_utility",
        "time": 0.0
      },
      {
        "name": "execute_ps_via_syncappvpublishingserver",
        "time": 0.0
      },
      {
        "name": "malicious_dynamic_function_loading",
        "time": 0.0
      },
      {
        "name": "reads_memory_remote_process",
        "time": 0.0
      },
      {
        "name": "unbacked_exception_filter",
        "time": 0.0
      },
      {
        "name": "unbacked_process_mitigation_alteration",
        "time": 0.0
      },
      {
        "name": "thread_unbacked_memory",
        "time": 0.0
      },
      {
        "name": "unbacked_api_resolution",
        "time": 0.0
      },
      {
        "name": "unbacked_dotnet_execution",
        "time": 0.0
      },
      {
        "name": "unbacked_library_load",
        "time": 0.0
      },
      {
        "name": "unbacked_memory_apc_execution",
        "time": 0.0
      },
      {
        "name": "unbacked_memory_protection_alteration",
        "time": 0.0
      },
      {
        "name": "unbacked_mutex_creation",
        "time": 0.0
      },
      {
        "name": "unbacked_process_creation",
        "time": 0.0
      },
      {
        "name": "unbacked_veh_registration",
        "time": 0.0
      },
      {
        "name": "unbacked_com_instantiation",
        "time": 0.0
      },
      {
        "name": "unbacked_crypto_operations",
        "time": 0.0
      },
      {
        "name": "unbacked_delay_execution",
        "time": 0.0
      },
      {
        "name": "unbacked_file_dropping",
        "time": 0.0
      },
      {
        "name": "unbacked_process_enumeration",
        "time": 0.0
      },
      {
        "name": "unbacked_registry_modification",
        "time": 0.0
      },
      {
        "name": "unbacked_service_manipulation",
        "time": 0.0
      },
      {
        "name": "unbacked_token_manipulation",
        "time": 0.0
      },
      {
        "name": "unbacked_wmi_execution",
        "time": 0.0
      },
      {
        "name": "unbacked_bind_shell",
        "time": 0.0
      },
      {
        "name": "unbacked_dns_resolution",
        "time": 0.0
      },
      {
        "name": "unbacked_memory_network_connection",
        "time": 0.0
      },
      {
        "name": "unbacked_named_pipe_creation",
        "time": 0.0
      },
      {
        "name": "unbacked_useragent_retrieval",
        "time": 0.0
      },
      {
        "name": "mimics_filetime",
        "time": 0.0
      },
      {
        "name": "amsi_bypass_via_com_registry",
        "time": 0.0
      },
      {
        "name": "access_auto_logons_via_registry",
        "time": 0.0
      },
      {
        "name": "access_boot_key_via_registry",
        "time": 0.0
      },
      {
        "name": "create_suspicious_lnk_files",
        "time": 0.0
      },
      {
        "name": "credential_access_via_windows_credential_history",
        "time": 0.0
      },
      {
        "name": "dll_hijacking_via_microsoft_exchange",
        "time": 0.0
      },
      {
        "name": "dll_hijacking_via_waas_medic_svc_com_typelib",
        "time": 0.0
      },
      {
        "name": "execute_file_downloaded_via_openssh",
        "time": 0.0
      },
      {
        "name": "execute_safe_mode_from_suspicious_process",
        "time": 0.0
      },
      {
        "name": "execute_scripts_via_microsoft_management_console",
        "time": 0.0
      },
      {
        "name": "execute_suspicious_processes_via_windows_mssql_service",
        "time": 0.0
      },
      {
        "name": "execution_from_self_extracting_archive",
        "time": 0.0
      },
      {
        "name": "ip_address_discovery_via_trusted_program",
        "time": 0.0
      },
      {
        "name": "load_dll_via_control_panel",
        "time": 0.0
      },
      {
        "name": "network_connection_via_suspicious_process",
        "time": 0.0
      },
      {
        "name": "potential_location_discovery_via_unusual_process",
        "time": 0.0
      },
      {
        "name": "store_executable_registry",
        "time": 0.0
      },
      {
        "name": "Suspicious_Execution_Via_MicrosoftExchangeTransportAgent",
        "time": 0.0
      },
      {
        "name": "suspicious_java_execution_via_win_scripts",
        "time": 0.0
      },
      {
        "name": "Suspicious_Scheduled_Task_Creation_Via_Masqueraded_XML_File",
        "time": 0.0
      },
      {
        "name": "uses_restart_manager_for_suspicious_activities",
        "time": 0.0
      },
      {
        "name": "modify_desktop_wallpaper",
        "time": 0.0
      },
      {
        "name": "modify_zoneid_ads",
        "time": 0.0
      },
      {
        "name": "move_file_on_reboot",
        "time": 0.0
      },
      {
        "name": "multiple_useragents",
        "time": 0.0
      },
      {
        "name": "network_anomaly",
        "time": 0.0
      },
      {
        "name": "network_bind",
        "time": 0.0
      },
      {
        "name": "etherhiding_smart_contract_call",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_archive",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_free_webhosting",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_generic",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_interactsh",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_opensource",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_pastesite",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_payload",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_serviceinterface",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_socialmedia",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_telegram",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_tempstorage",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_temp_urldns",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_urlshortener",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_useragent",
        "time": 0.0
      },
      {
        "name": "network_cnc_smtps_exfil",
        "time": 0.0
      },
      {
        "name": "network_cnc_smtps_generic",
        "time": 0.0
      },
      {
        "name": "network_dns_idn",
        "time": 0.0
      },
      {
        "name": "network_dns_suspicious_querytype",
        "time": 0.0
      },
      {
        "name": "network_dns_tunneling_request",
        "time": 0.0
      },
      {
        "name": "explorer_http",
        "time": 0.0
      },
      {
        "name": "network_fake_useragent",
        "time": 0.0
      },
      {
        "name": "legitimate_domain_abuse",
        "time": 0.0
      },
      {
        "name": "suspicious_communication_trusted_site",
        "time": 0.0
      },
      {
        "name": "network_tor",
        "time": 0.0
      },
      {
        "name": "office_com_load",
        "time": 0.0
      },
      {
        "name": "office_dotnet_load",
        "time": 0.0
      },
      {
        "name": "office_mshtml_load",
        "time": 0.0
      },
      {
        "name": "office_vb_load",
        "time": 0.0
      },
      {
        "name": "office_wmi_load",
        "time": 0.0
      },
      {
        "name": "office_cve2017_11882_network",
        "time": 0.0
      },
      {
        "name": "office_cve_2021_40444",
        "time": 0.0
      },
      {
        "name": "office_cve_2021_40444_m2",
        "time": 0.0
      },
      {
        "name": "office_flash_load",
        "time": 0.0
      },
      {
        "name": "office_postscript",
        "time": 0.0
      },
      {
        "name": "office_suspicious_processes",
        "time": 0.0
      },
      {
        "name": "decompress_exe",
        "time": 0.0
      },
      {
        "name": "persistence_via_autodial_dll_registry",
        "time": 0.0
      },
      {
        "name": "persistence_autorun",
        "time": 0.0
      },
      {
        "name": "persistence_autorun_tasks",
        "time": 0.0
      },
      {
        "name": "persistence_bootexecute",
        "time": 0.0
      },
      {
        "name": "persistence_registry_script",
        "time": 0.0
      },
      {
        "name": "powershell_download",
        "time": 0.0
      },
      {
        "name": "powershell_request",
        "time": 0.0
      },
      {
        "name": "createtoolhelp32snapshot_module_enumeration",
        "time": 0.0
      },
      {
        "name": "enumerates_running_processes",
        "time": 0.0
      },
      {
        "name": "process_interest",
        "time": 0.0
      },
      {
        "name": "process_needed",
        "time": 0.0
      },
      {
        "name": "ransomware_iocp_asynchronous_encryption",
        "time": 0.0
      },
      {
        "name": "kernel_crypto_driver_abuse",
        "time": 0.0
      },
      {
        "name": "mass_data_encryption",
        "time": 0.0
      },
      {
        "name": "ransomware_extension_hijack",
        "time": 0.0
      },
      {
        "name": "mass_file_modification_access",
        "time": 0.0
      },
      {
        "name": "ransomware_attribute_stripping",
        "time": 0.0
      },
      {
        "name": "ransomware_file_modifications",
        "time": 0.0
      },
      {
        "name": "mass_ransom_note_drop",
        "time": 0.0
      },
      {
        "name": "ransomware_message",
        "time": 0.0
      },
      {
        "name": "recon_beacon",
        "time": 0.0
      },
      {
        "name": "recon_programs",
        "time": 0.0
      },
      {
        "name": "recon_systeminfo",
        "time": 0.0
      },
      {
        "name": "accesses_recyclebin",
        "time": 0.0
      },
      {
        "name": "script_created_process",
        "time": 0.0
      },
      {
        "name": "script_network_activity",
        "time": 0.0
      },
      {
        "name": "suspicious_js_script",
        "time": 0.0
      },
      {
        "name": "javascript_timer",
        "time": 0.0
      },
      {
        "name": "secure_login_phishing",
        "time": 0.0
      },
      {
        "name": "securityxploded_modules",
        "time": 0.0
      },
      {
        "name": "get_clipboard_data",
        "time": 0.0
      },
      {
        "name": "sets_autoconfig_url",
        "time": 0.0
      },
      {
        "name": "spoofs_procname",
        "time": 0.0
      },
      {
        "name": "stack_pivot",
        "time": 0.0
      },
      {
        "name": "stack_pivot_file_created",
        "time": 0.0
      },
      {
        "name": "stack_pivot_process_create",
        "time": 0.0
      },
      {
        "name": "set_clipboard_data",
        "time": 0.0
      },
      {
        "name": "stealth_childproc",
        "time": 0.0
      },
      {
        "name": "stealth_system_procname",
        "time": 0.0
      },
      {
        "name": "stealth_timeout",
        "time": 0.0
      },
      {
        "name": "stealth_window",
        "time": 0.0
      },
      {
        "name": "queries_keyboard_layout",
        "time": 0.0
      },
      {
        "name": "queries_locale_api",
        "time": 0.0
      },
      {
        "name": "terminates_remote_process",
        "time": 0.0
      },
      {
        "name": "uiautomationcore_load",
        "time": 0.0
      },
      {
        "name": "user_enum",
        "time": 0.0
      },
      {
        "name": "mmc_dll_script_load",
        "time": 0.0
      },
      {
        "name": "mmc_dotnet_load",
        "time": 0.0
      },
      {
        "name": "virus",
        "time": 0.0
      },
      {
        "name": "webmail_phish",
        "time": 0.0
      },
      {
        "name": "persists_dev_util",
        "time": 0.0
      },
      {
        "name": "spawns_dev_util",
        "time": 0.0
      },
      {
        "name": "alters_windows_utility",
        "time": 0.0
      },
      {
        "name": "overwrites_accessibility_utility",
        "time": 0.0
      },
      {
        "name": "Potential_Lateral_Movement_Via_SMBEXEC",
        "time": 0.0
      },
      {
        "name": "potential_WebShell_Via_ScreenConnectServer",
        "time": 0.0
      },
      {
        "name": "uses_Microsoft_HTML_Help_Executable",
        "time": 0.0
      },
      {
        "name": "wiper_zeroedbytes",
        "time": 0.0
      },
      {
        "name": "wmi_create_process",
        "time": 0.0
      },
      {
        "name": "wmi_script_process",
        "time": 0.0
      },
      {
        "name": "deletes_files",
        "time": 0.0
      },
      {
        "name": "drops_files",
        "time": 0.0
      },
      {
        "name": "reads_files",
        "time": 0.0
      },
      {
        "name": "writes_files",
        "time": 0.0
      },
      {
        "name": "antianalysis_tls_section",
        "time": 0.0
      },
      {
        "name": "antivirus_clamav",
        "time": 0.0
      },
      {
        "name": "antivirus_virustotal",
        "time": 0.0
      },
      {
        "name": "bad_certs",
        "time": 0.0
      },
      {
        "name": "bad_ssl_certs",
        "time": 0.0
      },
      {
        "name": "banker_zeus_p2p",
        "time": 0.0
      },
      {
        "name": "banker_zeus_url",
        "time": 0.0
      },
      {
        "name": "bot_athenahttp",
        "time": 0.0
      },
      {
        "name": "bot_dirtjumper",
        "time": 0.0
      },
      {
        "name": "bot_drive",
        "time": 0.0
      },
      {
        "name": "bot_drive2",
        "time": 0.0
      },
      {
        "name": "bot_madness",
        "time": 0.0
      },
      {
        "name": "byod_loldrivers_match",
        "time": 0.0
      },
      {
        "name": "byod_novel_driver",
        "time": 0.0
      },
      {
        "name": "byod_post_load_exploitation",
        "time": 0.0
      },
      {
        "name": "byod_driver_service_install",
        "time": 0.0
      },
      {
        "name": "com_spawned_process",
        "time": 0.0
      },
      {
        "name": "family_proxyback",
        "time": 0.0
      },
      {
        "name": "flare_capa_antianalysis",
        "time": 0.0
      },
      {
        "name": "flare_capa_collection",
        "time": 0.0
      },
      {
        "name": "flare_capa_communication",
        "time": 0.0
      },
      {
        "name": "flare_capa_compiler",
        "time": 0.0
      },
      {
        "name": "flare_capa_datamanipulation",
        "time": 0.0
      },
      {
        "name": "flare_capa_executable",
        "time": 0.0
      },
      {
        "name": "flare_capa_hostinteraction",
        "time": 0.0
      },
      {
        "name": "flare_capa_impact",
        "time": 0.0
      },
      {
        "name": "flare_capa_lib",
        "time": 0.0
      },
      {
        "name": "flare_capa_linking",
        "time": 0.0
      },
      {
        "name": "flare_capa_loadcode",
        "time": 0.0
      },
      {
        "name": "flare_capa_malwarefamily",
        "time": 0.0
      },
      {
        "name": "flare_capa_nursery",
        "time": 0.0
      },
      {
        "name": "flare_capa_persistence",
        "time": 0.0
      },
      {
        "name": "flare_capa_runtime",
        "time": 0.0
      },
      {
        "name": "flare_capa_targeting",
        "time": 0.0
      },
      {
        "name": "threatfox",
        "time": 0.0
      },
      {
        "name": "log4shell",
        "time": 0.0
      },
      {
        "name": "mimics_extension",
        "time": 0.0
      },
      {
        "name": "network_ip_exe",
        "time": 0.0
      },
      {
        "name": "network_dga",
        "time": 0.0
      },
      {
        "name": "network_dga_fraunhofer",
        "time": 0.0
      },
      {
        "name": "network_dyndns",
        "time": 0.0
      },
      {
        "name": "network_icmp",
        "time": 0.0
      },
      {
        "name": "network_irc",
        "time": 0.0
      },
      {
        "name": "network_open_proxy",
        "time": 0.0
      },
      {
        "name": "network_smtp",
        "time": 0.0
      },
      {
        "name": "network_torgateway",
        "time": 0.0
      },
      {
        "name": "origin_langid",
        "time": 0.0
      },
      {
        "name": "origin_resource_langid",
        "time": 0.0
      },
      {
        "name": "overlay",
        "time": 0.0
      },
      {
        "name": "pe_deep_entrypoint",
        "time": 0.0
      },
      {
        "name": "packer_unknown_pe_section_name",
        "time": 0.0
      },
      {
        "name": "packer_aspack",
        "time": 0.0
      },
      {
        "name": "packer_aspirecrypt",
        "time": 0.0
      },
      {
        "name": "packer_bedsprotector",
        "time": 0.0
      },
      {
        "name": "packer_confuser",
        "time": 0.0
      },
      {
        "name": "packer_enigma",
        "time": 0.0
      },
      {
        "name": "packer_entropy",
        "time": 0.0
      },
      {
        "name": "packer_mpress",
        "time": 0.0
      },
      {
        "name": "packer_nate",
        "time": 0.0
      },
      {
        "name": "packer_nspack",
        "time": 0.0
      },
      {
        "name": "packer_smartassembly",
        "time": 0.0
      },
      {
        "name": "packer_spices",
        "time": 0.0
      },
      {
        "name": "packer_themida",
        "time": 0.0
      },
      {
        "name": "packer_titan",
        "time": 0.0
      },
      {
        "name": "packer_upx",
        "time": 0.0
      },
      {
        "name": "packer_vmprotect",
        "time": 0.0
      },
      {
        "name": "packer_yoda",
        "time": 0.0
      },
      {
        "name": "pe_cert_invalid_signature",
        "time": 0.0
      },
      {
        "name": "pe_cert_self_signed",
        "time": 0.0
      },
      {
        "name": "pe_cert_suspicious_issuer",
        "time": 0.0
      },
      {
        "name": "punch_plus_plus_pcres",
        "time": 0.0
      },
      {
        "name": "procmem_yara",
        "time": 0.0
      },
      {
        "name": "recon_checkip",
        "time": 0.0
      },
      {
        "name": "sigma_events",
        "time": 0.0
      },
      {
        "name": "static_authenticode",
        "time": 0.0
      },
      {
        "name": "invalid_authenticode_signature",
        "time": 0.0
      },
      {
        "name": "static_dotnet_anomaly",
        "time": 0.0
      },
      {
        "name": "static_java",
        "time": 0.0
      },
      {
        "name": "static_pdf",
        "time": 0.0
      },
      {
        "name": "contains_pe_overlay",
        "time": 0.0
      },
      {
        "name": "static_pe_anomaly",
        "time": 0.0
      },
      {
        "name": "pe_compile_timestomping",
        "time": 0.0
      },
      {
        "name": "static_pe_pdbpath",
        "time": 0.0
      },
      {
        "name": "static_rat_config",
        "time": 0.0
      },
      {
        "name": "static_versioninfo_anomaly",
        "time": 0.0
      },
      {
        "name": "browser_credential_theft_headless",
        "time": 0.0
      },
      {
        "name": "suricata_alert",
        "time": 0.0
      },
      {
        "name": "volatility_devicetree_1",
        "time": 0.0
      },
      {
        "name": "volatility_handles_1",
        "time": 0.0
      },
      {
        "name": "volatility_ldrmodules_1",
        "time": 0.0
      },
      {
        "name": "volatility_ldrmodules_2",
        "time": 0.0
      },
      {
        "name": "volatility_malfind_1",
        "time": 0.0
      },
      {
        "name": "volatility_malfind_2",
        "time": 0.0
      },
      {
        "name": "volatility_modscan_1",
        "time": 0.0
      },
      {
        "name": "volatility_svcscan_1",
        "time": 0.0
      },
      {
        "name": "volatility_svcscan_2",
        "time": 0.0
      },
      {
        "name": "volatility_svcscan_3",
        "time": 0.0
      },
      {
        "name": "whois_create",
        "time": 0.0
      },
      {
        "name": "accesses_mailslot",
        "time": 0.0
      },
      {
        "name": "accesses_netlogon_regkey",
        "time": 0.001
      },
      {
        "name": "accesses_public_folder",
        "time": 0.0
      },
      {
        "name": "accesses_sysvol",
        "time": 0.0
      },
      {
        "name": "writes_sysvol",
        "time": 0.0
      },
      {
        "name": "adds_admin_user",
        "time": 0.001
      },
      {
        "name": "adds_user",
        "time": 0.001
      },
      {
        "name": "overwrites_admin_password",
        "time": 0.001
      },
      {
        "name": "antianalysis_detectfile",
        "time": 0.002
      },
      {
        "name": "antianalysis_detectreg",
        "time": 0.063
      },
      {
        "name": "modify_attachment_manager",
        "time": 0.0
      },
      {
        "name": "antiav_detectfile",
        "time": 0.005
      },
      {
        "name": "antiav_detectreg",
        "time": 0.249
      },
      {
        "name": "antiav_srp",
        "time": 0.0
      },
      {
        "name": "antiav_whitespace",
        "time": 0.0
      },
      {
        "name": "antidebug_devices",
        "time": 0.001
      },
      {
        "name": "antiemu_windefend",
        "time": 0.0
      },
      {
        "name": "antiemu_wine_reg",
        "time": 0.0
      },
      {
        "name": "antisandbox_cuckoo_files",
        "time": 0.0
      },
      {
        "name": "antisandbox_fortinet_files",
        "time": 0.0
      },
      {
        "name": "antisandbox_joe_anubis_files",
        "time": 0.0
      },
      {
        "name": "antisandbox_sboxie_mutex",
        "time": 0.0
      },
      {
        "name": "antisandbox_sunbelt_files",
        "time": 0.0
      },
      {
        "name": "antisandbox_threattrack_files",
        "time": 0.0
      },
      {
        "name": "antivm_bochs_keys",
        "time": 0.005
      },
      {
        "name": "antivm_generic_bios",
        "time": 0.003
      },
      {
        "name": "antivm_generic_diskreg",
        "time": 0.01
      },
      {
        "name": "antivm_hyperv_keys",
        "time": 0.005
      },
      {
        "name": "antivm_parallels_keys",
        "time": 0.014
      },
      {
        "name": "antivm_recentdocs",
        "time": 0.0
      },
      {
        "name": "antivm_vbox_devices",
        "time": 0.0
      },
      {
        "name": "antivm_vbox_files",
        "time": 0.002
      },
      {
        "name": "antivm_vbox_keys",
        "time": 0.028
      },
      {
        "name": "antivm_vmware_devices",
        "time": 0.0
      },
      {
        "name": "antivm_vmware_files",
        "time": 0.001
      },
      {
        "name": "antivm_vmware_keys",
        "time": 0.019
      },
      {
        "name": "antivm_vmware_mutexes",
        "time": 0.0
      },
      {
        "name": "antivm_vpc_files",
        "time": 0.0
      },
      {
        "name": "antivm_vpc_keys",
        "time": 0.009
      },
      {
        "name": "antivm_vpc_mutex",
        "time": 0.0
      },
      {
        "name": "antivm_xen_keys",
        "time": 0.014
      },
      {
        "name": "ketrican_regkeys",
        "time": 0.002
      },
      {
        "name": "bitcoin_opencl",
        "time": 0.0
      },
      {
        "name": "enumerates_physical_drives",
        "time": 0.0
      },
      {
        "name": "bot_russkill",
        "time": 0.0
      },
      {
        "name": "browser_addon",
        "time": 0.0
      },
      {
        "name": "chromium_browser_extension_directory",
        "time": 0.0
      },
      {
        "name": "browser_helper_object",
        "time": 0.0
      },
      {
        "name": "browser_security",
        "time": 0.0
      },
      {
        "name": "browser_startpage",
        "time": 0.0
      },
      {
        "name": "executes_headless_browser",
        "time": 0.0
      },
      {
        "name": "suspicious_browser_arguments",
        "time": 0.0
      },
      {
        "name": "ie_disables_process_tab",
        "time": 0.0
      },
      {
        "name": "odbcconf_bypass",
        "time": 0.015
      },
      {
        "name": "squiblydoo_bypass",
        "time": 0.0
      },
      {
        "name": "squiblytwo_bypass",
        "time": 0.0
      },
      {
        "name": "bypass_chromium_protection",
        "time": 0.0
      },
      {
        "name": "bypass_firewall",
        "time": 0.005
      },
      {
        "name": "checks_uac_status",
        "time": 0.001
      },
      {
        "name": "uac_bypass_cmstpcom",
        "time": 0.001
      },
      {
        "name": "uac_bypass_delegateexecute_sdclt",
        "time": 0.0
      },
      {
        "name": "uac_bypass_fodhelper",
        "time": 0.0
      },
      {
        "name": "cape_extracted_content",
        "time": 0.0
      },
      {
        "name": "clears_logs",
        "time": 0.0
      },
      {
        "name": "cmdline_obfuscation",
        "time": 0.0
      },
      {
        "name": "cmdline_switches",
        "time": 0.0
      },
      {
        "name": "cmdline_terminate",
        "time": 0.0
      },
      {
        "name": "cmdline_forfiles_wildcard",
        "time": 0.0
      },
      {
        "name": "cmdline_http_link",
        "time": 0.0
      },
      {
        "name": "cmdline_long_string",
        "time": 0.0
      },
      {
        "name": "cmdline_reversed_http_link",
        "time": 0.0
      },
      {
        "name": "long_commandline",
        "time": 0.0
      },
      {
        "name": "powershell_renamed_commandline",
        "time": 0.0
      },
      {
        "name": "copies_self",
        "time": 0.0
      },
      {
        "name": "credwiz_credentialaccess",
        "time": 0.0
      },
      {
        "name": "enables_wdigest",
        "time": 0.0
      },
      {
        "name": "vaultcmd_credentialaccess",
        "time": 0.0
      },
      {
        "name": "file_credential_store_access",
        "time": 0.0
      },
      {
        "name": "file_credential_store_write",
        "time": 0.0
      },
      {
        "name": "kerberos_credential_access_via_rubeus",
        "time": 0.0
      },
      {
        "name": "registry_credential_dumping",
        "time": 0.0
      },
      {
        "name": "registry_lsa_secrets_access",
        "time": 0.0
      },
      {
        "name": "comsvcs_credentialdump",
        "time": 0.0
      },
      {
        "name": "cryptomining_stratum_command",
        "time": 0.0
      },
      {
        "name": "deepfreeze_mutex",
        "time": 0.0
      },
      {
        "name": "deletes_executed_files",
        "time": 0.0
      },
      {
        "name": "disables_app_launch",
        "time": 0.0
      },
      {
        "name": "disables_auto_app_termination",
        "time": 0.0
      },
      {
        "name": "disables_appv_virtualization",
        "time": 0.0
      },
      {
        "name": "disables_backups",
        "time": 0.0
      },
      {
        "name": "disables_browser_warn",
        "time": 0.0
      },
      {
        "name": "disables_context_menus",
        "time": 0.0
      },
      {
        "name": "disables_cpl_disable",
        "time": 0.0
      },
      {
        "name": "disables_crashdumps",
        "time": 0.0
      },
      {
        "name": "disables_event_logging",
        "time": 0.0
      },
      {
        "name": "disables_folder_options",
        "time": 0.0
      },
      {
        "name": "disables_notificationcenter",
        "time": 0.0
      },
      {
        "name": "disables_power_options",
        "time": 0.0
      },
      {
        "name": "disables_restore_default_state",
        "time": 0.0
      },
      {
        "name": "disables_run_command",
        "time": 0.0
      },
      {
        "name": "disables_smartscreen",
        "time": 0.0
      },
      {
        "name": "disables_startmenu_search",
        "time": 0.0
      },
      {
        "name": "disables_system_restore",
        "time": 0.0
      },
      {
        "name": "disables_uac",
        "time": 0.0
      },
      {
        "name": "disables_wer",
        "time": 0.0
      },
      {
        "name": "disables_windows_defender",
        "time": 0.0
      },
      {
        "name": "disables_windows_defender_logging",
        "time": 0.004
      },
      {
        "name": "removes_windows_defender_contextmenu",
        "time": 0.004
      },
      {
        "name": "removes_windows_defender_updates",
        "time": 0.0
      },
      {
        "name": "windows_defender_powershell",
        "time": 0.0
      },
      {
        "name": "disables_windows_file_protection",
        "time": 0.0
      },
      {
        "name": "disables_windowsupdate",
        "time": 0.0
      },
      {
        "name": "disables_winfirewall",
        "time": 0.0
      },
      {
        "name": "folder_enumeration",
        "time": 0.0
      },
      {
        "name": "discover_registry_mount_points",
        "time": 0.001
      },
      {
        "name": "adfind_domain_enumeration",
        "time": 0.0
      },
      {
        "name": "domain_enumeration_commands",
        "time": 0.0
      },
      {
        "name": "driver_filtermanager",
        "time": 0.0
      },
      {
        "name": "dropper",
        "time": 0.0
      },
      {
        "name": "dll_archive_execution",
        "time": 0.0
      },
      {
        "name": "lnk_archive_execution",
        "time": 0.0
      },
      {
        "name": "script_archive_execution",
        "time": 0.0
      },
      {
        "name": "excel4_macro_urls",
        "time": 0.0
      },
      {
        "name": "escalate_privilege_via_ntlm_relay",
        "time": 0.0
      },
      {
        "name": "spooler_access",
        "time": 0.0
      },
      {
        "name": "spooler_svc_start",
        "time": 0.0
      },
      {
        "name": "mapped_drives_uac",
        "time": 0.0
      },
      {
        "name": "hides_recycle_bin_icon",
        "time": 0.0
      },
      {
        "name": "infostealer_bitcoin",
        "time": 0.003
      },
      {
        "name": "infostealer_ftp",
        "time": 0.085
      },
      {
        "name": "infostealer_im",
        "time": 0.048
      },
      {
        "name": "infostealer_mail",
        "time": 0.009
      },
      {
        "name": "Evade_Execution_Via_ASPNet_Compiler",
        "time": 0.0
      },
      {
        "name": "Evade_Execute_Via_DeviceCredentialDeployment",
        "time": 0.0
      },
      {
        "name": "Evade_Execution_Via_Filter_Manager_Control",
        "time": 0.0
      },
      {
        "name": "Evade_Execution_Via_Intel_GFXDownloadWrapper",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_appvlp",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_pcalua",
        "time": 0.0
      },
      {
        "name": "Execute_Binary_Via_OpenSSH",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_pcalua",
        "time": 0.0
      },
      {
        "name": "Execute_Binary_Via_PesterPSModule",
        "time": 0.0
      },
      {
        "name": "Execute_Binary_Via_ScriptRunner",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_ttdinject",
        "time": 0.0
      },
      {
        "name": "Execute_Binary_Via_VisualStudioLiveShare",
        "time": 0.0
      },
      {
        "name": "Execute_Msiexec_Via_Explorer",
        "time": 0.0
      },
      {
        "name": "execute_remote_msi",
        "time": 0.0
      },
      {
        "name": "execute_suspicious_powershell_via_runscripthelper",
        "time": 0.0
      },
      {
        "name": "execute_suspicious_powershell_via_sqlps",
        "time": 0.0
      },
      {
        "name": "Indirect_Command_Execution_Via_ConsoleWindowHost",
        "time": 0.0
      },
      {
        "name": "Perform_Malicious_Activities_Via_Headless_Browser",
        "time": 0.0
      },
      {
        "name": "Register_DLL_Via_CertOC",
        "time": 0.0
      },
      {
        "name": "Register_DLL_Via_MSIEXEC",
        "time": 0.0
      },
      {
        "name": "Register_DLL_Via_Odbcconf",
        "time": 0.0
      },
      {
        "name": "Scriptlet_Proxy_Execution_Via_Pubprn",
        "time": 0.0
      },
      {
        "name": "ie_martian_children",
        "time": 0.0
      },
      {
        "name": "office_martian_children",
        "time": 0.0
      },
      {
        "name": "mimics_icon",
        "time": 0.0
      },
      {
        "name": "masquerade_process_name",
        "time": 0.005
      },
      {
        "name": "mimikatz_modules",
        "time": 0.0
      },
      {
        "name": "ms_office_cmd_rce",
        "time": 0.0
      },
      {
        "name": "mount_copy_to_webdav_share",
        "time": 0.0
      },
      {
        "name": "potential_protocol_tunneling_via_legit_utilities",
        "time": 0.0
      },
      {
        "name": "potential_protocol_tunneling_via_qemu",
        "time": 0.0
      },
      {
        "name": "suspicious_execution_via_dotnet_remoting",
        "time": 0.0
      },
      {
        "name": "dotnet_clr_usagelog_regkeys",
        "time": 0.0
      },
      {
        "name": "modify_hostfile",
        "time": 0.0
      },
      {
        "name": "modify_oem_information",
        "time": 0.0
      },
      {
        "name": "modify_security_center_warnings",
        "time": 0.0
      },
      {
        "name": "modify_uac_prompt",
        "time": 0.0
      },
      {
        "name": "network_dns_blockchain",
        "time": 0.0
      },
      {
        "name": "network_dns_opennic",
        "time": 0.0
      },
      {
        "name": "network_dns_paste_site",
        "time": 0.0
      },
      {
        "name": "network_dns_reverse_proxy",
        "time": 0.0
      },
      {
        "name": "network_dns_temp_file_storage",
        "time": 0.0
      },
      {
        "name": "network_dns_temp_urldns",
        "time": 0.0
      },
      {
        "name": "network_dns_url_shortener",
        "time": 0.0
      },
      {
        "name": "network_dns_doh_tls",
        "time": 0.0
      },
      {
        "name": "suspicious_tld",
        "time": 0.0
      },
      {
        "name": "network_tor_service",
        "time": 0.0
      },
      {
        "name": "office_code_page",
        "time": 0.0
      },
      {
        "name": "office_addinloading",
        "time": 0.0
      },
      {
        "name": "office_perfkey",
        "time": 0.0
      },
      {
        "name": "office_macro",
        "time": 0.0
      },
      {
        "name": "changes_trust_center_settings",
        "time": 0.0
      },
      {
        "name": "disables_vba_trust_access",
        "time": 0.0
      },
      {
        "name": "office_macro_autoexecution",
        "time": 0.0
      },
      {
        "name": "office_macro_ioc",
        "time": 0.0
      },
      {
        "name": "office_macro_malicious_prediction",
        "time": 0.0
      },
      {
        "name": "office_macro_suspicious",
        "time": 0.0
      },
      {
        "name": "rtf_aslr_bypass",
        "time": 0.0
      },
      {
        "name": "rtf_anomaly_characterset",
        "time": 0.0
      },
      {
        "name": "rtf_anomaly_version",
        "time": 0.0
      },
      {
        "name": "rtf_embedded_content",
        "time": 0.0
      },
      {
        "name": "rtf_embedded_office_file",
        "time": 0.0
      },
      {
        "name": "rtf_exploit_static",
        "time": 0.0
      },
      {
        "name": "office_security",
        "time": 0.0
      },
      {
        "name": "accesses_office_username",
        "time": 0.0
      },
      {
        "name": "office_anomalous_feature",
        "time": 0.0
      },
      {
        "name": "office_dde_command",
        "time": 0.0
      },
      {
        "name": "packer_armadillo_mutex",
        "time": 0.0
      },
      {
        "name": "packer_armadillo_regkey",
        "time": 0.001
      },
      {
        "name": "persistence_ads",
        "time": 0.0
      },
      {
        "name": "persistence_safeboot",
        "time": 0.0
      },
      {
        "name": "persistence_ifeo",
        "time": 0.0
      },
      {
        "name": "persistence_silent_process_exit",
        "time": 0.0
      },
      {
        "name": "persistence_rdp_registry",
        "time": 0.0
      },
      {
        "name": "persistence_rdp_shadowing",
        "time": 0.0
      },
      {
        "name": "persistence_service",
        "time": 0.0
      },
      {
        "name": "persistence_shim_database",
        "time": 0.0
      },
      {
        "name": "powershell_scriptblock_logging",
        "time": 0.0
      },
      {
        "name": "powershell_command_suspicious",
        "time": 0.0
      },
      {
        "name": "powershell_history_save_mod",
        "time": 0.0
      },
      {
        "name": "powershell_renamed",
        "time": 0.0
      },
      {
        "name": "powershell_reversed",
        "time": 0.0
      },
      {
        "name": "powershell_variable_obfuscation",
        "time": 0.0
      },
      {
        "name": "prevents_safeboot",
        "time": 0.0
      },
      {
        "name": "cmdline_process_discovery",
        "time": 0.0
      },
      {
        "name": "ransomware_extensions_generic",
        "time": 0.0
      },
      {
        "name": "ransomware_extensions_known",
        "time": 0.002
      },
      {
        "name": "ransomware_files",
        "time": 0.003
      },
      {
        "name": "ransomware_recyclebin",
        "time": 0.0
      },
      {
        "name": "ransomware_revil_regkey",
        "time": 0.0
      },
      {
        "name": "reads_password_database",
        "time": 0.0
      },
      {
        "name": "recon_fingerprint",
        "time": 0.003
      },
      {
        "name": "rdptcp_key",
        "time": 0.0
      },
      {
        "name": "uses_rdp_clip",
        "time": 0.0
      },
      {
        "name": "uses_remote_desktop_session",
        "time": 0.0
      },
      {
        "name": "removes_networking_icon",
        "time": 0.0
      },
      {
        "name": "removes_pinned_programs",
        "time": 0.0
      },
      {
        "name": "removes_security_maintenance_icon",
        "time": 0.0
      },
      {
        "name": "removes_startmenu_defaults",
        "time": 0.0
      },
      {
        "name": "removes_username_startmenu",
        "time": 0.0
      },
      {
        "name": "sniffer_winpcap",
        "time": 0.0
      },
      {
        "name": "spreading_autoruninf",
        "time": 0.0
      },
      {
        "name": "stealth_hidden_extension",
        "time": 0.0
      },
      {
        "name": "stealth_hiddenreg",
        "time": 0.0
      },
      {
        "name": "stealth_hide_notifications",
        "time": 0.0
      },
      {
        "name": "stealth_webhistory",
        "time": 0.0
      },
      {
        "name": "sysinternals_psexec",
        "time": 0.0
      },
      {
        "name": "sysinternals_tools",
        "time": 0.0
      },
      {
        "name": "language_check_registry",
        "time": 0.0
      },
      {
        "name": "tampers_etw",
        "time": 0.001
      },
      {
        "name": "lsa_tampering",
        "time": 0.0
      },
      {
        "name": "tampers_powershell_logging",
        "time": 0.0
      },
      {
        "name": "territorial_disputes_sigs",
        "time": 0.081
      },
      {
        "name": "uses_adfind",
        "time": 0.0
      },
      {
        "name": "uses_ms_protocol",
        "time": 0.001
      },
      {
        "name": "owa_web_shell_files",
        "time": 0.0
      },
      {
        "name": "web_shell_files",
        "time": 0.0
      },
      {
        "name": "web_shell_processes",
        "time": 0.0
      },
      {
        "name": "dotnet_csc_build",
        "time": 0.0
      },
      {
        "name": "mavinject_lolbin",
        "time": 0.0
      },
      {
        "name": "multiple_explorer_instances",
        "time": 0.0
      },
      {
        "name": "script_tool_executed",
        "time": 0.0
      },
      {
        "name": "suspicious_certutil_use",
        "time": 0.0
      },
      {
        "name": "suspicious_command_tools",
        "time": 0.016
      },
      {
        "name": "suspicious_mpcmdrun_use",
        "time": 0.0
      },
      {
        "name": "suspicious_ping_use",
        "time": 0.0
      },
      {
        "name": "uses_powershell_copyitem",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities",
        "time": 0.017
      },
      {
        "name": "uses_windows_utilities_appcmd",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_csvde_ldifde",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_cipher",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_clickonce",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_curl",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_dsquery",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_esentutl",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_finger",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_mode",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_ntdsutil",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_nltest",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_setx",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_xcopy",
        "time": 0.0
      },
      {
        "name": "wmic_command_suspicious",
        "time": 0.0
      },
      {
        "name": "scrcons_wmi_script_consumer",
        "time": 0.0
      }
    ],
    "reporting": [
      {
        "name": "BinGraph",
        "time": 0.0
      }
    ]
  },
  "CAPE": {
    "payloads": [],
    "configs": []
  },
  "info": {
    "version": "2.5",
    "started": "2026-05-28 17:41:27",
    "ended": "2026-05-28 17:44:40",
    "duration": 193,
    "id": 8,
    "category": "url",
    "custom": "",
    "machine": {
      "id": 6,
      "status": "stopping",
      "name": "cuckoo1",
      "label": "cuckoo1",
      "platform": "windows",
      "manager": "KVM",
      "started_on": "2026-05-28 17:41:27",
      "shutdown_on": "2026-05-28 17:44:39"
    },
    "package": "edge",
    "timeout": false,
    "tlp": null,
    "parent_sample": null,
    "options": {
      "interactive": "1",
      "nohuman": "yes",
      "vnc_port": "5910"
    },
    "source_url": null,
    "route": "none",
    "user_id": 1,
    "CAPE_current_commit": "e261551257b77d1ae36b689efcf9b3d0af4476c2"
  },
  "behavior": {
    "processes": [
      {
        "process_id": 4248,
        "process_name": "explorer.exe",
        "parent_id": 4196,
        "module_path": "C:\\Windows\\explorer.exe",
        "first_seen": "2026-05-28 21:41:32,406",
        "calls": [
          {
            "timestamp": "2026-05-28 21:41:36,515",
            "thread_id": "4908",
            "caller": "0x7ff65125d17e",
            "parentcaller": "0x7ff651260d94",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001484"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000d68"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 0
          },
          {
            "timestamp": "2026-05-28 21:41:36,515",
            "thread_id": "4908",
            "caller": "0x7ff65125d17e",
            "parentcaller": "0x7ff651260d94",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000d68"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00b00000"
              },
              {
                "name": "SectionOffset",
                "value": "0x047cef90"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 1,
            "id": 1
          },
          {
            "timestamp": "2026-05-28 21:41:36,515",
            "thread_id": "4908",
            "caller": "0x7ff65125d17e",
            "parentcaller": "0x7ff651260d94",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001484"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000018e4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 2
          },
          {
            "timestamp": "2026-05-28 21:41:36,515",
            "thread_id": "4908",
            "caller": "0x7ff65125d17e",
            "parentcaller": "0x7ff651260d94",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000018e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00b00000"
              },
              {
                "name": "SectionOffset",
                "value": "0x047cef90"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 1,
            "id": 3
          },
          {
            "timestamp": "2026-05-28 21:41:37,047",
            "thread_id": "5008",
            "caller": "0x7ffc2d0fed8a",
            "parentcaller": "0x7ffc2d11d5c7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0dd78000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4
          },
          {
            "timestamp": "2026-05-28 21:41:37,047",
            "thread_id": "5008",
            "caller": "0x7ffc13d2d59f",
            "parentcaller": "0x7ffc13d6c80c",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000014d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "\\Device\\Bam"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 5
          },
          {
            "timestamp": "2026-05-28 21:41:37,047",
            "thread_id": "5008",
            "caller": "0x7ffc2d00b8ed",
            "parentcaller": "0x7ffc2b165341",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x000029c0",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ffc2b1653d0"
              },
              {
                "name": "Parameter",
                "value": "0x09860580"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "3312"
              },
              {
                "name": "ProcessId",
                "value": "4248"
              }
            ],
            "repeated": 0,
            "id": 6
          },
          {
            "timestamp": "2026-05-28 21:41:37,047",
            "thread_id": "5008",
            "caller": "0x7ffc2adcf430",
            "parentcaller": "0x7ffc2b165379",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000029c0"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "3312"
              },
              {
                "name": "ProcessId",
                "value": "4248"
              }
            ],
            "repeated": 0,
            "id": 7
          },
          {
            "timestamp": "2026-05-28 21:41:37,047",
            "thread_id": "3848",
            "caller": "0x7ffc2ad7fcb5",
            "parentcaller": "0x7ffc2adc5984",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000009c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 8
          },
          {
            "timestamp": "2026-05-28 21:41:37,047",
            "thread_id": "3848",
            "caller": "0x7ffc2ad7fcb5",
            "parentcaller": "0x7ffc2adc5984",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000009c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 9
          },
          {
            "timestamp": "2026-05-28 21:41:37,047",
            "thread_id": "3848",
            "caller": "0x7ffc2ad7fcb5",
            "parentcaller": "0x7ffc2adc5984",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000009c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 10
          },
          {
            "timestamp": "2026-05-28 21:41:37,047",
            "thread_id": "5576",
            "caller": "0x7ff6510e9d10",
            "parentcaller": "0x7ff6510e9c74",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11
          },
          {
            "timestamp": "2026-05-28 21:41:37,047",
            "thread_id": "5576",
            "caller": "0x7ff6510e9d60",
            "parentcaller": "0x7ff6510e9c74",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 12
          },
          {
            "timestamp": "2026-05-28 21:41:37,062",
            "thread_id": "5008",
            "caller": "0x7ffc13d2e842",
            "parentcaller": "0x7ffc13d2d62c",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001484"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "\\Device\\Bam"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 13
          },
          {
            "timestamp": "2026-05-28 21:41:37,062",
            "thread_id": "5008",
            "caller": "0x7ffc2d00b8ed",
            "parentcaller": "0x7ffc2b165341",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x00001484",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ffc2b1653d0"
              },
              {
                "name": "Parameter",
                "value": "0x09861380"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "5616"
              },
              {
                "name": "ProcessId",
                "value": "4248"
              }
            ],
            "repeated": 0,
            "id": 14
          },
          {
            "timestamp": "2026-05-28 21:41:37,062",
            "thread_id": "5008",
            "caller": "0x7ffc2adcf430",
            "parentcaller": "0x7ffc2b165379",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00001484"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "5616"
              },
              {
                "name": "ProcessId",
                "value": "4248"
              }
            ],
            "repeated": 0,
            "id": 15
          },
          {
            "timestamp": "2026-05-28 21:41:37,062",
            "thread_id": "5008",
            "caller": "0x7ffc2d00b8ed",
            "parentcaller": "0x7ffc2b165341",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x000029c0",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ffc2b1653d0"
              },
              {
                "name": "Parameter",
                "value": "0x09860e40"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "4148"
              },
              {
                "name": "ProcessId",
                "value": "4248"
              }
            ],
            "repeated": 0,
            "id": 16
          },
          {
            "timestamp": "2026-05-28 21:41:37,062",
            "thread_id": "5008",
            "caller": "0x7ffc2adcf430",
            "parentcaller": "0x7ffc2b165379",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000029c0"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "4148"
              },
              {
                "name": "ProcessId",
                "value": "4248"
              }
            ],
            "repeated": 0,
            "id": 17
          },
          {
            "timestamp": "2026-05-28 21:41:37,062",
            "thread_id": "276",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2c56ef53",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000009f0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 18
          },
          {
            "timestamp": "2026-05-28 21:41:37,062",
            "thread_id": "5616",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2c56ef53",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000004ec"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 19
          },
          {
            "timestamp": "2026-05-28 21:41:37,062",
            "thread_id": "5616",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2b426d2f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000004f0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 20
          },
          {
            "timestamp": "2026-05-28 21:41:37,062",
            "thread_id": "4148",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2c56ef53",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00002200"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 21
          },
          {
            "timestamp": "2026-05-28 21:41:37,078",
            "thread_id": "4232",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2c56ef53",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001c40"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 22
          },
          {
            "timestamp": "2026-05-28 21:41:37,078",
            "thread_id": "4232",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2b426d2f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00002018"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 23
          },
          {
            "timestamp": "2026-05-28 21:41:37,078",
            "thread_id": "5708",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b1dfa",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000344-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 24
          },
          {
            "timestamp": "2026-05-28 21:41:37,078",
            "thread_id": "276",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2b426d2f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000bf8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 25
          },
          {
            "timestamp": "2026-05-28 21:41:37,078",
            "thread_id": "5616",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b1dfa",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000344-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 26
          },
          {
            "timestamp": "2026-05-28 21:41:37,078",
            "thread_id": "5616",
            "caller": "0x7ffc12d64428",
            "parentcaller": "0x7ffc12d63a03",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F0AE1542-F497-484B-A175-A20DB09144BA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "8DC24A1A-6314-4769-9D68-179786F4CED6"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 27
          },
          {
            "timestamp": "2026-05-28 21:41:37,078",
            "thread_id": "5708",
            "caller": "0x7ffc2ad89dd2",
            "parentcaller": "0x7ffc28969e99",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000035",
            "pretty_return": "OBJECT_NAME_COLLISION",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x4574f454d"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations"
              },
              {
                "name": "CreateDisposition",
                "value": "2",
                "pretty_value": "FILE_CREATE"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 28
          },
          {
            "timestamp": "2026-05-28 21:41:37,078",
            "thread_id": "276",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 29
          },
          {
            "timestamp": "2026-05-28 21:41:37,078",
            "thread_id": "5616",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc289c58d4",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 30
          },
          {
            "timestamp": "2026-05-28 21:41:37,078",
            "thread_id": "5616",
            "caller": "0x7ffc289c5882",
            "parentcaller": "0x7ffc289c8f55",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4234D49B-0245-4DF3-B780-3893943456E1"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "000214E6-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 31
          },
          {
            "timestamp": "2026-05-28 21:41:37,078",
            "thread_id": "5616",
            "caller": "0x7ffc170a58e1",
            "parentcaller": "0x7ffc170a5ef1",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "02C5CCF3-805F-4654-A7B7-340A74335365"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 32
          },
          {
            "timestamp": "2026-05-28 21:41:37,078",
            "thread_id": "276",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 33
          },
          {
            "timestamp": "2026-05-28 21:41:37,078",
            "thread_id": "3312",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2c56ef53",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000a9c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 34
          },
          {
            "timestamp": "2026-05-28 21:41:37,078",
            "thread_id": "3312",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2b426d2f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000ac4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 35
          },
          {
            "timestamp": "2026-05-28 21:41:37,078",
            "thread_id": "3312",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 36
          },
          {
            "timestamp": "2026-05-28 21:41:37,109",
            "thread_id": "3312",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b1dfa",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "41FD88F7-F295-4D39-91AC-A85F3149A05B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 7,
            "id": 37
          },
          {
            "timestamp": "2026-05-28 21:41:40,750",
            "thread_id": "4908",
            "caller": "0x7ff6512b4e81",
            "parentcaller": "0x7ff6512e345c",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x00001ff8",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ffc2b17be80"
              },
              {
                "name": "Parameter",
                "value": "0x047ceb40"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "5284"
              },
              {
                "name": "ProcessId",
                "value": "4248"
              }
            ],
            "repeated": 0,
            "id": 38
          },
          {
            "timestamp": "2026-05-28 21:41:40,750",
            "thread_id": "5284",
            "caller": "0x7ff6512b9a30",
            "parentcaller": "0x7ff6512b7481",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "user32"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2c7c0000"
              }
            ],
            "repeated": 0,
            "id": 39
          },
          {
            "timestamp": "2026-05-28 21:41:40,750",
            "thread_id": "5284",
            "caller": "0x7ff6512b9a7b",
            "parentcaller": "0x7ff6512b7481",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0E5AAE11-A475-4C5B-AB00-C66DE400274E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "000214E6-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 40
          },
          {
            "timestamp": "2026-05-28 21:41:40,750",
            "thread_id": "5284",
            "caller": "0x7ff651305dec",
            "parentcaller": "0x7ff651305f5c",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000231c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Google Chrome.lnk"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 41
          },
          {
            "timestamp": "2026-05-28 21:41:40,750",
            "thread_id": "5284",
            "caller": "0x7ff651305dec",
            "parentcaller": "0x7ff651305f5c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "76765B11-3F95-4AF2-AC9D-EA55D8994F1A"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 42
          },
          {
            "timestamp": "2026-05-28 21:41:40,765",
            "thread_id": "5284",
            "caller": "0x7ff6512aa3e4",
            "parentcaller": "0x7ff6512b9b7a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00021401-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "000214E4-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": "lnkfile"
              }
            ],
            "repeated": 0,
            "id": 43
          },
          {
            "timestamp": "2026-05-28 21:41:40,765",
            "thread_id": "5284",
            "caller": "0x7ff6512aa3e4",
            "parentcaller": "0x7ff6512b9b7a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 44
          },
          {
            "timestamp": "2026-05-28 21:41:40,781",
            "thread_id": "5284",
            "caller": "0x7ff6512aa3e4",
            "parentcaller": "0x7ff6512b9b7a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "79EAC9EE-BAF9-11CE-8C82-00AA004BA90B"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 45
          },
          {
            "timestamp": "2026-05-28 21:41:40,812",
            "thread_id": "5284",
            "caller": "0x7ff6512aa3e4",
            "parentcaller": "0x7ff6512b9b7a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 46
          },
          {
            "timestamp": "2026-05-28 21:41:40,812",
            "thread_id": "5284",
            "caller": "0x7ff6512aa3e4",
            "parentcaller": "0x7ff6512b9b7a",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D"
              },
              {
                "name": "ClsContext",
                "value": "0x00100004",
                "pretty_value": "CLSCTX_LOCAL_SERVER|CLSCTX_ENABLE_CLOAKING"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 47
          },
          {
            "timestamp": "2026-05-28 21:41:40,828",
            "thread_id": "5284",
            "caller": "0x7ff6512aa3e4",
            "parentcaller": "0x7ff6512b9b7a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "79EAC9EE-BAF9-11CE-8C82-00AA004BA90B"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 48
          },
          {
            "timestamp": "2026-05-28 21:41:40,828",
            "thread_id": "5284",
            "caller": "0x7ff6512aa3e4",
            "parentcaller": "0x7ff6512b9b7a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 49
          },
          {
            "timestamp": "2026-05-28 21:41:40,828",
            "thread_id": "5284",
            "caller": "0x7ff6512aa3e4",
            "parentcaller": "0x7ff6512b9b7a",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D"
              },
              {
                "name": "ClsContext",
                "value": "0x00100004",
                "pretty_value": "CLSCTX_LOCAL_SERVER|CLSCTX_ENABLE_CLOAKING"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 50
          },
          {
            "timestamp": "2026-05-28 21:41:40,828",
            "thread_id": "5284",
            "caller": "0x7ff6512aa3e4",
            "parentcaller": "0x7ff6512b9b7a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CDC82860-468D-4D4E-B7E7-C298FF23AB2C"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "5632B1A4-E38A-400A-928A-D4CD63230295"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 51
          },
          {
            "timestamp": "2026-05-28 21:41:40,828",
            "thread_id": "5284",
            "caller": "0x7ff6512aa3e4",
            "parentcaller": "0x7ff6512b9b7a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F1C46D71-B791-4110-8D5C-7108F22C1010"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "8A43ED9F-F4E6-4421-ACF9-1DAB2986820C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 52
          },
          {
            "timestamp": "2026-05-28 21:41:40,828",
            "thread_id": "5284",
            "caller": "0x7ff6512aa3e4",
            "parentcaller": "0x7ff6512b9b7a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 53
          },
          {
            "timestamp": "2026-05-28 21:41:40,828",
            "thread_id": "5040",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 54
          },
          {
            "timestamp": "2026-05-28 21:41:40,828",
            "thread_id": "276",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 55
          },
          {
            "timestamp": "2026-05-28 21:41:40,828",
            "thread_id": "276",
            "caller": "0x7ffc28a89aa2",
            "parentcaller": "0x7ffc28a8ac92",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "C2F03A33-21F5-47FA-B4BB-156362A2F239"
              },
              {
                "name": "ClsContext",
                "value": "0x00000004",
                "pretty_value": "CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "6D5140C1-7436-11CE-8034-00AA006009FA"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 56
          },
          {
            "timestamp": "2026-05-28 21:41:40,828",
            "thread_id": "5284",
            "caller": "0x7ff6512aa3e4",
            "parentcaller": "0x7ff6512b9b7a",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00001b00"
              },
              {
                "name": "ThreadHandle",
                "value": "0x0000270c"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" "
              },
              {
                "name": "DllPath",
                "value": ""
              },
              {
                "name": "ProcessId",
                "value": "2072"
              }
            ],
            "repeated": 0,
            "id": 57
          },
          {
            "timestamp": "2026-05-28 21:41:40,844",
            "thread_id": "5284",
            "caller": "0x7ff6512aa3e4",
            "parentcaller": "0x7ff6512b9b7a",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" "
              },
              {
                "name": "CreationFlags",
                "value": "0x04080414",
                "pretty_value": "CREATE_SUSPENDED|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT|CREATE_DEFAULT_ERROR_MODE"
              },
              {
                "name": "ProcessId",
                "value": "2072"
              },
              {
                "name": "ThreadId",
                "value": "1884"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x00001b00"
              },
              {
                "name": "ThreadHandle",
                "value": "0x0000270c"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 58
          },
          {
            "timestamp": "2026-05-28 21:41:40,844",
            "thread_id": "5040",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 59
          },
          {
            "timestamp": "2026-05-28 21:41:40,844",
            "thread_id": "5284",
            "caller": "0x7ff6512aa3e4",
            "parentcaller": "0x7ff6512b9b7a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 60
          },
          {
            "timestamp": "2026-05-28 21:41:40,844",
            "thread_id": "5284",
            "caller": "0x7ff6512aa3e4",
            "parentcaller": "0x7ff6512b9b7a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "C2F03A33-21F5-47FA-B4BB-156362A2F239"
              },
              {
                "name": "ClsContext",
                "value": "0x00000004",
                "pretty_value": "CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "6D5140C1-7436-11CE-8034-00AA006009FA"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 61
          },
          {
            "timestamp": "2026-05-28 21:41:40,844",
            "thread_id": "5008",
            "caller": "0x7ffc2adbc386",
            "parentcaller": "0x7ffc2adbc25e",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001ae8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02980000"
              },
              {
                "name": "SectionOffset",
                "value": "0x0790d560"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 62
          },
          {
            "timestamp": "2026-05-28 21:41:40,844",
            "thread_id": "5008",
            "caller": "0x7ffc13d2d59f",
            "parentcaller": "0x7ffc13d6c80c",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000286c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "\\Device\\Bam"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 63
          },
          {
            "timestamp": "2026-05-28 21:41:40,844",
            "thread_id": "5284",
            "caller": "0x7ff6512aa3e4",
            "parentcaller": "0x7ff6512b9b7a",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\sfc_os.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc19490000"
              }
            ],
            "repeated": 0,
            "id": 64
          },
          {
            "timestamp": "2026-05-28 21:41:40,859",
            "thread_id": "5008",
            "caller": "0x7ffc13d2e842",
            "parentcaller": "0x7ffc13d2d62c",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000029fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "\\Device\\Bam"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 65
          },
          {
            "timestamp": "2026-05-28 21:41:40,859",
            "thread_id": "5284",
            "caller": "0x7ff6512aa3e4",
            "parentcaller": "0x7ff6512b9b7a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 66
          },
          {
            "timestamp": "2026-05-28 21:41:40,859",
            "thread_id": "5284",
            "caller": "0x7ff6512aa3e4",
            "parentcaller": "0x7ff6512b9b7a",
            "category": "process",
            "api": "ShellExecuteExW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FilePath",
                "value": ""
              },
              {
                "name": "Parameters",
                "value": ""
              },
              {
                "name": "Show",
                "value": "1",
                "pretty_value": "SW_SHOWNORMAL"
              }
            ],
            "repeated": 0,
            "id": 67
          },
          {
            "timestamp": "2026-05-28 21:41:40,859",
            "thread_id": "3636",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2c56ef53",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00002778"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 68
          },
          {
            "timestamp": "2026-05-28 21:41:40,859",
            "thread_id": "3636",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2b426d2f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000994"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 69
          },
          {
            "timestamp": "2026-05-28 21:41:40,859",
            "thread_id": "276",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 70
          },
          {
            "timestamp": "2026-05-28 21:41:42,406",
            "thread_id": "5008",
            "caller": "0x7ffc13d2d59f",
            "parentcaller": "0x7ffc13d6c80c",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00002734"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "\\Device\\Bam"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 71
          },
          {
            "timestamp": "2026-05-28 21:41:42,437",
            "thread_id": "3848",
            "caller": "0x7ffc2adc2a0c",
            "parentcaller": "0x7ffc170ff12b",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000009a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 1,
            "id": 72
          },
          {
            "timestamp": "2026-05-28 21:41:42,437",
            "thread_id": "4908",
            "caller": "0x7ff6510eb354",
            "parentcaller": "0x7ff6510eb12e",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 73
          },
          {
            "timestamp": "2026-05-28 21:41:42,437",
            "thread_id": "3848",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Google Chrome.lnk"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 74
          },
          {
            "timestamp": "2026-05-28 21:41:42,437",
            "thread_id": "3848",
            "caller": "0x7ffc2714c1d6",
            "parentcaller": "0x7ffc2714bde6",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "76765B11-3F95-4AF2-AC9D-EA55D8994F1A"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 75
          },
          {
            "timestamp": "2026-05-28 21:41:42,437",
            "thread_id": "3312",
            "caller": "0x7ff6510aca89",
            "parentcaller": "0x7ff6510ac93f",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000098c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\apppatch\\sysmain.sdb"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 76
          },
          {
            "timestamp": "2026-05-28 21:41:42,437",
            "thread_id": "3312",
            "caller": "0x7ff6510ac67f",
            "parentcaller": "0x7ff6510ac407",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df47c6e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x003e3000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 77
          },
          {
            "timestamp": "2026-05-28 21:41:42,437",
            "thread_id": "3312",
            "caller": "0x7ff6510aa878",
            "parentcaller": "0x7ff6510aa7ba",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df47c6e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x003e3000"
              }
            ],
            "repeated": 0,
            "id": 78
          },
          {
            "timestamp": "2026-05-28 21:41:42,437",
            "thread_id": "5576",
            "caller": "0x7ff6510e9d10",
            "parentcaller": "0x7ff6510e9c74",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 79
          },
          {
            "timestamp": "2026-05-28 21:41:42,437",
            "thread_id": "5576",
            "caller": "0x7ff6510e9d60",
            "parentcaller": "0x7ff6510e9c74",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 80
          },
          {
            "timestamp": "2026-05-28 21:41:42,437",
            "thread_id": "5008",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 81
          },
          {
            "timestamp": "2026-05-28 21:41:42,437",
            "thread_id": "5008",
            "caller": "0x7ffc13d2d59f",
            "parentcaller": "0x7ffc13d6c80c",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000918"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "\\Device\\Bam"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 82
          },
          {
            "timestamp": "2026-05-28 21:41:42,437",
            "thread_id": "5008",
            "caller": "0x7ffc13d2e842",
            "parentcaller": "0x7ffc13d2d62c",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000009ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "\\Device\\Bam"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 83
          },
          {
            "timestamp": "2026-05-28 21:41:42,437",
            "thread_id": "5708",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b1dfa",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000344-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 84
          },
          {
            "timestamp": "2026-05-28 21:41:42,437",
            "thread_id": "5616",
            "caller": "0x7ffc12d64428",
            "parentcaller": "0x7ffc12d63a03",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F0AE1542-F497-484B-A175-A20DB09144BA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "8DC24A1A-6314-4769-9D68-179786F4CED6"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 85
          },
          {
            "timestamp": "2026-05-28 21:41:42,437",
            "thread_id": "5708",
            "caller": "0x7ffc2ad89dd2",
            "parentcaller": "0x7ffc28969e99",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000035",
            "pretty_return": "OBJECT_NAME_COLLISION",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x4574f454d"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations"
              },
              {
                "name": "CreateDisposition",
                "value": "2",
                "pretty_value": "FILE_CREATE"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 86
          },
          {
            "timestamp": "2026-05-28 21:41:42,453",
            "thread_id": "5616",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc289c58d4",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 87
          },
          {
            "timestamp": "2026-05-28 21:41:42,453",
            "thread_id": "5616",
            "caller": "0x7ffc289c5882",
            "parentcaller": "0x7ffc289c8f55",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4234D49B-0245-4DF3-B780-3893943456E1"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "000214E6-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 88
          },
          {
            "timestamp": "2026-05-28 21:41:42,453",
            "thread_id": "5616",
            "caller": "0x7ffc170a58e1",
            "parentcaller": "0x7ffc170a5ef1",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "02C5CCF3-805F-4654-A7B7-340A74335365"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 89
          },
          {
            "timestamp": "2026-05-28 21:41:42,453",
            "thread_id": "5040",
            "caller": "0x7ff6510e99ca",
            "parentcaller": "0x7ff6510ea869",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 90
          },
          {
            "timestamp": "2026-05-28 21:41:42,453",
            "thread_id": "276",
            "caller": "0x7ffc2ada3013",
            "parentcaller": "0x7ffc13d7672b",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017b0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\GameDVR\\KnownGameList.bin"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xc0'\\x01\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 91
          },
          {
            "timestamp": "2026-05-28 21:41:42,453",
            "thread_id": "5040",
            "caller": "0x7ff6510ebdd2",
            "parentcaller": "0x7ff6510ea52a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000009a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 92
          },
          {
            "timestamp": "2026-05-28 21:41:42,453",
            "thread_id": "5040",
            "caller": "0x7ff6510ebdd2",
            "parentcaller": "0x7ff6510ea52a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000009a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\Google\\"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 93
          },
          {
            "timestamp": "2026-05-28 21:41:42,453",
            "thread_id": "5040",
            "caller": "0x7ff6510ebdd2",
            "parentcaller": "0x7ff6510ea52a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000009a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\Google\\Chrome\\Application\\"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 94
          },
          {
            "timestamp": "2026-05-28 21:41:42,453",
            "thread_id": "5040",
            "caller": "0x7ff6510ea552",
            "parentcaller": "0x7ff6510e9a4f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 95
          },
          {
            "timestamp": "2026-05-28 21:41:42,453",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510e8f2b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 96
          },
          {
            "timestamp": "2026-05-28 21:41:42,453",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510e8f2b",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 97
          },
          {
            "timestamp": "2026-05-28 21:41:42,453",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 98
          },
          {
            "timestamp": "2026-05-28 21:41:42,453",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 99
          },
          {
            "timestamp": "2026-05-28 21:41:42,484",
            "thread_id": "4908",
            "caller": "0x7ff6512b91e8",
            "parentcaller": "0x7ff6510e67d6",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000005ac"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000009a8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 100
          },
          {
            "timestamp": "2026-05-28 21:41:42,484",
            "thread_id": "4908",
            "caller": "0x7ff6512b91e8",
            "parentcaller": "0x7ff6510e67d6",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000009a8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00b00000"
              },
              {
                "name": "SectionOffset",
                "value": "0x047cef60"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 1,
            "id": 101
          },
          {
            "timestamp": "2026-05-28 21:41:42,656",
            "thread_id": "1492",
            "caller": "0x7ff6510c1f68",
            "parentcaller": "0x7ff651100020",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000918"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 102
          },
          {
            "timestamp": "2026-05-28 21:41:44,406",
            "thread_id": "5008",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 103
          },
          {
            "timestamp": "2026-05-28 21:41:44,437",
            "thread_id": "4908",
            "caller": "0x7ff6510eb354",
            "parentcaller": "0x7ff6510eb12e",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 104
          },
          {
            "timestamp": "2026-05-28 21:41:44,437",
            "thread_id": "3848",
            "caller": "0x7ffc2ad7fcb5",
            "parentcaller": "0x7ffc2adc5984",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000098c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Microsoft\\"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 105
          },
          {
            "timestamp": "2026-05-28 21:41:44,437",
            "thread_id": "3848",
            "caller": "0x7ffc2ad7fcb5",
            "parentcaller": "0x7ffc2adc5984",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000098c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 106
          },
          {
            "timestamp": "2026-05-28 21:41:44,453",
            "thread_id": "276",
            "caller": "0x7ff6510aca89",
            "parentcaller": "0x7ff6510ac93f",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\apppatch\\sysmain.sdb"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 107
          },
          {
            "timestamp": "2026-05-28 21:41:44,453",
            "thread_id": "276",
            "caller": "0x7ff6510ac67f",
            "parentcaller": "0x7ff6510ac407",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000098c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df47c6e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x003e3000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 108
          },
          {
            "timestamp": "2026-05-28 21:41:44,453",
            "thread_id": "276",
            "caller": "0x7ff6510aa878",
            "parentcaller": "0x7ff6510aa7ba",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df47c6e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x003e3000"
              }
            ],
            "repeated": 0,
            "id": 109
          },
          {
            "timestamp": "2026-05-28 21:41:44,453",
            "thread_id": "5040",
            "caller": "0x7ff6510e99ca",
            "parentcaller": "0x7ff6510ea869",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 110
          },
          {
            "timestamp": "2026-05-28 21:41:44,453",
            "thread_id": "5040",
            "caller": "0x7ff6510ebdd2",
            "parentcaller": "0x7ff6510ea52a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000098c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Microsoft\\"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 111
          },
          {
            "timestamp": "2026-05-28 21:41:44,453",
            "thread_id": "5040",
            "caller": "0x7ff6510ebdd2",
            "parentcaller": "0x7ff6510ea52a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000098c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 112
          },
          {
            "timestamp": "2026-05-28 21:41:44,453",
            "thread_id": "5576",
            "caller": "0x7ff6510e9d10",
            "parentcaller": "0x7ff6510e9c74",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 113
          },
          {
            "timestamp": "2026-05-28 21:41:44,453",
            "thread_id": "5040",
            "caller": "0x7ff6510ea552",
            "parentcaller": "0x7ff6510e9a4f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 114
          },
          {
            "timestamp": "2026-05-28 21:41:44,453",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510e8f2b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 115
          },
          {
            "timestamp": "2026-05-28 21:41:44,453",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510e8f2b",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 116
          },
          {
            "timestamp": "2026-05-28 21:41:44,453",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 117
          },
          {
            "timestamp": "2026-05-28 21:41:44,453",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 118
          },
          {
            "timestamp": "2026-05-28 21:41:44,453",
            "thread_id": "1492",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001f90"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Edge.lnk"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 119
          },
          {
            "timestamp": "2026-05-28 21:41:44,453",
            "thread_id": "1492",
            "caller": "0x7ffc2adbc386",
            "parentcaller": "0x7ffc2adbc25e",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001e24"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02980000"
              },
              {
                "name": "SectionOffset",
                "value": "0x085dd870"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 120
          },
          {
            "timestamp": "2026-05-28 21:41:44,453",
            "thread_id": "5024",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000be8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Edge.lnk"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 121
          },
          {
            "timestamp": "2026-05-28 21:41:44,453",
            "thread_id": "5024",
            "caller": "0x7ffc2adbc386",
            "parentcaller": "0x7ffc2adbc25e",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000029fc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x029b0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x0821d650"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 122
          },
          {
            "timestamp": "2026-05-28 21:41:44,453",
            "thread_id": "1492",
            "caller": "0x7ffc2714c1d6",
            "parentcaller": "0x7ffc2714bde6",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "76765B11-3F95-4AF2-AC9D-EA55D8994F1A"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 123
          },
          {
            "timestamp": "2026-05-28 21:41:44,453",
            "thread_id": "5024",
            "caller": "0x7ff6510b0b6a",
            "parentcaller": "0x7ff6510b0a51",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "2155FEE3-2419-4373-B102-6843707EB41F"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "F676C15D-596A-4CE2-8234-33996F445DB1"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 124
          },
          {
            "timestamp": "2026-05-28 21:41:44,453",
            "thread_id": "5024",
            "caller": "0x7ff6510b0b6a",
            "parentcaller": "0x7ff6510b0a51",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000035",
            "pretty_return": "OBJECT_NAME_COLLISION",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin"
              },
              {
                "name": "CreateDisposition",
                "value": "2",
                "pretty_value": "FILE_CREATE"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 125
          },
          {
            "timestamp": "2026-05-28 21:41:44,453",
            "thread_id": "5024",
            "caller": "0x7ff6510b0b6a",
            "parentcaller": "0x7ff6510b0a51",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000035",
            "pretty_return": "OBJECT_NAME_COLLISION",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00bc3b20"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local"
              },
              {
                "name": "CreateDisposition",
                "value": "2",
                "pretty_value": "FILE_CREATE"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 126
          },
          {
            "timestamp": "2026-05-28 21:41:44,453",
            "thread_id": "5024",
            "caller": "0x7ff6510b0b6a",
            "parentcaller": "0x7ff6510b0a51",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000035",
            "pretty_return": "OBJECT_NAME_COLLISION",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0320eda8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer"
              },
              {
                "name": "CreateDisposition",
                "value": "2",
                "pretty_value": "FILE_CREATE"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 127
          },
          {
            "timestamp": "2026-05-28 21:41:44,453",
            "thread_id": "5024",
            "caller": "0x7ff6510b0b6a",
            "parentcaller": "0x7ff6510b0a51",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000bdc"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 128
          },
          {
            "timestamp": "2026-05-28 21:41:44,453",
            "thread_id": "1492",
            "caller": "0x7ff6510b0b6a",
            "parentcaller": "0x7ff6510b0a51",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "2155FEE3-2419-4373-B102-6843707EB41F"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "F676C15D-596A-4CE2-8234-33996F445DB1"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 129
          },
          {
            "timestamp": "2026-05-28 21:41:44,453",
            "thread_id": "1492",
            "caller": "0x7ff6510b0b6a",
            "parentcaller": "0x7ff6510b0a51",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000035",
            "pretty_return": "OBJECT_NAME_COLLISION",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin"
              },
              {
                "name": "CreateDisposition",
                "value": "2",
                "pretty_value": "FILE_CREATE"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 130
          },
          {
            "timestamp": "2026-05-28 21:41:44,453",
            "thread_id": "5024",
            "caller": "0x7ff6510b0b6a",
            "parentcaller": "0x7ff6510b0a51",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000bdc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db"
              },
              {
                "name": "FileInformationClass",
                "value": "74"
              },
              {
                "name": "FileInformation",
                "value": "\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 131
          },
          {
            "timestamp": "2026-05-28 21:41:44,453",
            "thread_id": "1492",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000035",
            "pretty_return": "OBJECT_NAME_COLLISION",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00bc3b20"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local"
              },
              {
                "name": "CreateDisposition",
                "value": "2",
                "pretty_value": "FILE_CREATE"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 132
          },
          {
            "timestamp": "2026-05-28 21:41:44,453",
            "thread_id": "1492",
            "caller": "0x7ff6510b0b6a",
            "parentcaller": "0x7ff6510b0a51",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000035",
            "pretty_return": "OBJECT_NAME_COLLISION",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0320da88"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer"
              },
              {
                "name": "CreateDisposition",
                "value": "2",
                "pretty_value": "FILE_CREATE"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 133
          },
          {
            "timestamp": "2026-05-28 21:41:44,453",
            "thread_id": "5024",
            "caller": "0x7ff6510b0b6a",
            "parentcaller": "0x7ff6510b0a51",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000286c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100000",
                "pretty_value": "SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer"
              },
              {
                "name": "ShareAccess",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 134
          },
          {
            "timestamp": "2026-05-28 21:41:44,453",
            "thread_id": "5024",
            "caller": "0x7ff6510b0b6a",
            "parentcaller": "0x7ff6510b0a51",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000026bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_32.db"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 135
          },
          {
            "timestamp": "2026-05-28 21:41:44,453",
            "thread_id": "5024",
            "caller": "0x7ff6510b0b6a",
            "parentcaller": "0x7ff6510b0a51",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000026bc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_32.db"
              },
              {
                "name": "FileInformationClass",
                "value": "74"
              },
              {
                "name": "FileInformation",
                "value": "\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 136
          },
          {
            "timestamp": "2026-05-28 21:41:44,453",
            "thread_id": "5024",
            "caller": "0x7ff6510b0b6a",
            "parentcaller": "0x7ff6510b0a51",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000025f8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x087b0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x0821e8f0"
              },
              {
                "name": "ViewSize",
                "value": "0x00100000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 137
          },
          {
            "timestamp": "2026-05-28 21:41:44,453",
            "thread_id": "5024",
            "caller": "0x7ff6510b0b6a",
            "parentcaller": "0x7ff6510b0a51",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000026bc"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000286c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 138
          },
          {
            "timestamp": "2026-05-28 21:41:44,469",
            "thread_id": "5024",
            "caller": "0x7ff6510b0b6a",
            "parentcaller": "0x7ff6510b0a51",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000026a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\program files (x86)\\microsoft\\Edge\\application\\msedge.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 139
          },
          {
            "timestamp": "2026-05-28 21:41:44,469",
            "thread_id": "5024",
            "caller": "0x7ff6510b0b6a",
            "parentcaller": "0x7ff6510b0a51",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x40000003",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00002428"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x13d10000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00505000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 140
          },
          {
            "timestamp": "2026-05-28 21:41:44,469",
            "thread_id": "5024",
            "caller": "0x7ff6510b0b6a",
            "parentcaller": "0x7ff6510b0a51",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\program files (x86)\\microsoft\\Edge\\SystemResources\\msedge.exe.mun"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 141
          },
          {
            "timestamp": "2026-05-28 21:41:44,469",
            "thread_id": "1492",
            "caller": "0x7ff6510b0b6a",
            "parentcaller": "0x7ff6510b0a51",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000026a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 142
          },
          {
            "timestamp": "2026-05-28 21:41:44,469",
            "thread_id": "5024",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001f90"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100000",
                "pretty_value": "SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer"
              },
              {
                "name": "ShareAccess",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 143
          },
          {
            "timestamp": "2026-05-28 21:41:44,469",
            "thread_id": "1492",
            "caller": "0x7ff6510b0b6a",
            "parentcaller": "0x7ff6510b0a51",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000be8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100000",
                "pretty_value": "SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer"
              },
              {
                "name": "ShareAccess",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 144
          },
          {
            "timestamp": "2026-05-28 21:41:44,469",
            "thread_id": "5024",
            "caller": "0x7ff6510b0b6a",
            "parentcaller": "0x7ff6510b0a51",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 145
          },
          {
            "timestamp": "2026-05-28 21:41:44,469",
            "thread_id": "1492",
            "caller": "0x7ff6510b0b6a",
            "parentcaller": "0x7ff6510b0a51",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00002504"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_32.db"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 146
          },
          {
            "timestamp": "2026-05-28 21:41:44,469",
            "thread_id": "1492",
            "caller": "0x7ff6510b0b6a",
            "parentcaller": "0x7ff6510b0a51",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00002504"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_32.db"
              },
              {
                "name": "FileInformationClass",
                "value": "74"
              },
              {
                "name": "FileInformation",
                "value": "\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 147
          },
          {
            "timestamp": "2026-05-28 21:41:44,469",
            "thread_id": "1492",
            "caller": "0x7ff6510b0b6a",
            "parentcaller": "0x7ff6510b0a51",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000023d8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08f00000"
              },
              {
                "name": "SectionOffset",
                "value": "0x085deb10"
              },
              {
                "name": "ViewSize",
                "value": "0x00100000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 148
          },
          {
            "timestamp": "2026-05-28 21:41:44,469",
            "thread_id": "1492",
            "caller": "0x7ff6510b0b6a",
            "parentcaller": "0x7ff6510b0a51",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00002504"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000024fc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 149
          },
          {
            "timestamp": "2026-05-28 21:41:44,469",
            "thread_id": "1492",
            "caller": "0x7ff6510b0b6a",
            "parentcaller": "0x7ff6510b0a51",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000024dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\program files (x86)\\microsoft\\Edge\\application\\msedge.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 150
          },
          {
            "timestamp": "2026-05-28 21:41:44,469",
            "thread_id": "1492",
            "caller": "0x7ff6510b0b6a",
            "parentcaller": "0x7ff6510b0a51",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x40000003",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000be8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x13d10000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00505000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 151
          },
          {
            "timestamp": "2026-05-28 21:41:44,469",
            "thread_id": "1492",
            "caller": "0x7ff6510b0b6a",
            "parentcaller": "0x7ff6510b0a51",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\program files (x86)\\microsoft\\Edge\\SystemResources\\msedge.exe.mun"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 152
          },
          {
            "timestamp": "2026-05-28 21:41:44,469",
            "thread_id": "1492",
            "caller": "0x7ff6510b0b6a",
            "parentcaller": "0x7ff6510b0a51",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x13d10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00505000"
              }
            ],
            "repeated": 0,
            "id": 153
          },
          {
            "timestamp": "2026-05-28 21:41:44,469",
            "thread_id": "1492",
            "caller": "0x7ff6510b0b6a",
            "parentcaller": "0x7ff6510b0a51",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00002838"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100000",
                "pretty_value": "SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer"
              },
              {
                "name": "ShareAccess",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 154
          },
          {
            "timestamp": "2026-05-28 21:41:44,469",
            "thread_id": "1492",
            "caller": "0x7ff6510b0b6a",
            "parentcaller": "0x7ff6510b0a51",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 155
          },
          {
            "timestamp": "2026-05-28 21:41:44,469",
            "thread_id": "5008",
            "caller": "0x7ffc13d2d59f",
            "parentcaller": "0x7ffc13d6c80c",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000be8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "\\Device\\Bam"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 156
          },
          {
            "timestamp": "2026-05-28 21:41:44,469",
            "thread_id": "5008",
            "caller": "0x7ffc13d2d59f",
            "parentcaller": "0x7ffc13d6c80c",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00002980"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "\\Device\\Bam"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 157
          },
          {
            "timestamp": "2026-05-28 21:41:44,469",
            "thread_id": "5576",
            "caller": "0x7ff6510e9d60",
            "parentcaller": "0x7ff6510e9c74",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 158
          },
          {
            "timestamp": "2026-05-28 21:41:44,469",
            "thread_id": "5008",
            "caller": "0x7ffc13d2e842",
            "parentcaller": "0x7ffc13d2d62c",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000009e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "\\Device\\Bam"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 159
          },
          {
            "timestamp": "2026-05-28 21:41:44,469",
            "thread_id": "4148",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2b426d2f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001e20"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 160
          },
          {
            "timestamp": "2026-05-28 21:41:44,484",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 161
          },
          {
            "timestamp": "2026-05-28 21:41:44,484",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 162
          },
          {
            "timestamp": "2026-05-28 21:41:44,500",
            "thread_id": "5008",
            "caller": "0x7ffc2d00b8ed",
            "parentcaller": "0x7ffc2b165341",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x00000be8",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ffc2b1653d0"
              },
              {
                "name": "Parameter",
                "value": "0x09862260"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "11204"
              },
              {
                "name": "ProcessId",
                "value": "4248"
              }
            ],
            "repeated": 0,
            "id": 163
          },
          {
            "timestamp": "2026-05-28 21:41:44,500",
            "thread_id": "5008",
            "caller": "0x7ffc2adcf430",
            "parentcaller": "0x7ffc2b165379",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000be8"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "11204"
              },
              {
                "name": "ProcessId",
                "value": "4248"
              }
            ],
            "repeated": 0,
            "id": 164
          },
          {
            "timestamp": "2026-05-28 21:41:44,515",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 165
          },
          {
            "timestamp": "2026-05-28 21:41:44,515",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 166
          },
          {
            "timestamp": "2026-05-28 21:41:44,515",
            "thread_id": "276",
            "caller": "0x7ffc2ada3013",
            "parentcaller": "0x7ffc13d7672b",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017b0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\GameDVR\\KnownGameList.bin"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x0c\\xaf\\x04\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 167
          },
          {
            "timestamp": "2026-05-28 21:41:44,531",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 168
          },
          {
            "timestamp": "2026-05-28 21:41:44,531",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 169
          },
          {
            "timestamp": "2026-05-28 21:41:44,547",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 170
          },
          {
            "timestamp": "2026-05-28 21:41:44,547",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 171
          },
          {
            "timestamp": "2026-05-28 21:41:44,578",
            "thread_id": "5708",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b1dfa",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000344-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 172
          },
          {
            "timestamp": "2026-05-28 21:41:44,578",
            "thread_id": "4148",
            "caller": "0x7ffc12d64428",
            "parentcaller": "0x7ffc12d63a03",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F0AE1542-F497-484B-A175-A20DB09144BA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "8DC24A1A-6314-4769-9D68-179786F4CED6"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 173
          },
          {
            "timestamp": "2026-05-28 21:41:44,578",
            "thread_id": "5708",
            "caller": "0x7ffc2ad89dd2",
            "parentcaller": "0x7ffc28969e99",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000035",
            "pretty_return": "OBJECT_NAME_COLLISION",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x4574f454d"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations"
              },
              {
                "name": "CreateDisposition",
                "value": "2",
                "pretty_value": "FILE_CREATE"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 174
          },
          {
            "timestamp": "2026-05-28 21:41:44,594",
            "thread_id": "276",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 175
          },
          {
            "timestamp": "2026-05-28 21:41:44,594",
            "thread_id": "4148",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc289c58d4",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 176
          },
          {
            "timestamp": "2026-05-28 21:41:44,594",
            "thread_id": "4148",
            "caller": "0x7ffc289c5882",
            "parentcaller": "0x7ffc289c8f55",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4234D49B-0245-4DF3-B780-3893943456E1"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "000214E6-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 177
          },
          {
            "timestamp": "2026-05-28 21:41:44,594",
            "thread_id": "4148",
            "caller": "0x7ffc170a58e1",
            "parentcaller": "0x7ffc170a5ef1",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "02C5CCF3-805F-4654-A7B7-340A74335365"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 178
          },
          {
            "timestamp": "2026-05-28 21:41:44,594",
            "thread_id": "276",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 179
          },
          {
            "timestamp": "2026-05-28 21:41:44,609",
            "thread_id": "5708",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b1dfa",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000344-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 180
          },
          {
            "timestamp": "2026-05-28 21:41:44,609",
            "thread_id": "3312",
            "caller": "0x7ffc12d64428",
            "parentcaller": "0x7ffc12d63a03",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F0AE1542-F497-484B-A175-A20DB09144BA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "8DC24A1A-6314-4769-9D68-179786F4CED6"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 181
          },
          {
            "timestamp": "2026-05-28 21:41:44,609",
            "thread_id": "5708",
            "caller": "0x7ffc2ad89dd2",
            "parentcaller": "0x7ffc28969e99",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000035",
            "pretty_return": "OBJECT_NAME_COLLISION",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x4574f454d"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations"
              },
              {
                "name": "CreateDisposition",
                "value": "2",
                "pretty_value": "FILE_CREATE"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 182
          },
          {
            "timestamp": "2026-05-28 21:41:44,609",
            "thread_id": "276",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 183
          },
          {
            "timestamp": "2026-05-28 21:41:45,109",
            "thread_id": "4908",
            "caller": "0x7ff6510c652c",
            "parentcaller": "0x7ff6510c5d54",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc297d0000"
              }
            ],
            "repeated": 1,
            "id": 184
          },
          {
            "timestamp": "2026-05-28 21:41:45,109",
            "thread_id": "4908",
            "caller": "0x7ff6510d23a8",
            "parentcaller": "0x7ff6510d2e19",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000286c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\SecurityHealthSSO.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 185
          },
          {
            "timestamp": "2026-05-28 21:41:45,109",
            "thread_id": "4908",
            "caller": "0x7ff6510d23a8",
            "parentcaller": "0x7ff6510d2e19",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000020d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09100000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x000eb000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 186
          },
          {
            "timestamp": "2026-05-28 21:41:45,109",
            "thread_id": "4908",
            "caller": "0x7ff6510d23a8",
            "parentcaller": "0x7ff6510d2e19",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09100000"
              },
              {
                "name": "RegionSize",
                "value": "0x000eb000"
              }
            ],
            "repeated": 0,
            "id": 187
          },
          {
            "timestamp": "2026-05-28 21:41:45,609",
            "thread_id": "4924",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2b15f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000009e0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000233c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 188
          },
          {
            "timestamp": "2026-05-28 21:41:45,609",
            "thread_id": "4924",
            "caller": "0x7ffc2adbc386",
            "parentcaller": "0x7ffc2adbc25e",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000233c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00b00000"
              },
              {
                "name": "SectionOffset",
                "value": "0x0738f510"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 1,
            "id": 189
          },
          {
            "timestamp": "2026-05-28 21:41:45,719",
            "thread_id": "4984",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 190
          },
          {
            "timestamp": "2026-05-28 21:41:45,719",
            "thread_id": "5460",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 191
          },
          {
            "timestamp": "2026-05-28 21:41:45,719",
            "thread_id": "5460",
            "caller": "0x7ffc12ab8258",
            "parentcaller": "0x7ffc12ab88d7",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "C2F03A33-21F5-47FA-B4BB-156362A2F239"
              },
              {
                "name": "ClsContext",
                "value": "0x00000004",
                "pretty_value": "CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "6D5140C1-7436-11CE-8034-00AA006009FA"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 192
          },
          {
            "timestamp": "2026-05-28 21:41:45,719",
            "thread_id": "5460",
            "caller": "0x7ffc2adbc386",
            "parentcaller": "0x7ffc2adbc25e",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000022d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00b00000"
              },
              {
                "name": "SectionOffset",
                "value": "0x0897eea0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 193
          },
          {
            "timestamp": "2026-05-28 21:41:45,719",
            "thread_id": "5008",
            "caller": "0x7ffc13d2d59f",
            "parentcaller": "0x7ffc13d6c80c",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000009e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "\\Device\\Bam"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 194
          },
          {
            "timestamp": "2026-05-28 21:41:45,719",
            "thread_id": "5460",
            "caller": "0x7ffc2adbc386",
            "parentcaller": "0x7ffc2adbc232",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00002538"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00b00000"
              },
              {
                "name": "SectionOffset",
                "value": "0x0897ec40"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 195
          },
          {
            "timestamp": "2026-05-28 21:41:45,719",
            "thread_id": "4984",
            "caller": "0x7ffc2adbc386",
            "parentcaller": "0x7ffc2adbc25e",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00002530"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00b00000"
              },
              {
                "name": "SectionOffset",
                "value": "0x07a8d810"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 196
          },
          {
            "timestamp": "2026-05-28 21:41:45,734",
            "thread_id": "4984",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b448db3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "41FD88F7-F295-4D39-91AC-A85F3149A05B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 197
          },
          {
            "timestamp": "2026-05-28 21:41:45,734",
            "thread_id": "12156",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2c56ef53",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000253c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 198
          },
          {
            "timestamp": "2026-05-28 21:41:45,734",
            "thread_id": "12156",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 199
          },
          {
            "timestamp": "2026-05-28 21:41:45,734",
            "thread_id": "5460",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CCC63AE1-56A5-4F9C-ABE8-E55674F0C0A6"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 200
          },
          {
            "timestamp": "2026-05-28 21:41:45,734",
            "thread_id": "1492",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "DA620430-5F6C-447D-8091-C5757E275B37"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 201
          },
          {
            "timestamp": "2026-05-28 21:41:45,734",
            "thread_id": "1492",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b17319a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "7BCE3CFB-954C-438F-974C-73A8E0593F1A"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 202
          },
          {
            "timestamp": "2026-05-28 21:41:45,734",
            "thread_id": "1492",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b47aff0",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000352-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 203
          },
          {
            "timestamp": "2026-05-28 21:41:45,734",
            "thread_id": "1492",
            "caller": "0x7ffc288d083e",
            "parentcaller": "0x7ffc288d072b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 204
          },
          {
            "timestamp": "2026-05-28 21:41:45,734",
            "thread_id": "5460",
            "caller": "0x7ffc2d0fed8a",
            "parentcaller": "0x7ffc2d11db07",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0dbed000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 205
          },
          {
            "timestamp": "2026-05-28 21:41:45,734",
            "thread_id": "5460",
            "caller": "0x7ffc2d004db6",
            "parentcaller": "0x7ffc2d003b55",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00002500"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\twinui.pcshell.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 206
          },
          {
            "timestamp": "2026-05-28 21:41:45,734",
            "thread_id": "5460",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc161922b4",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "comctl32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc171f0000"
              }
            ],
            "repeated": 1,
            "id": 207
          },
          {
            "timestamp": "2026-05-28 21:41:45,734",
            "thread_id": "4984",
            "caller": "0x7ffc2adbc386",
            "parentcaller": "0x7ffc2adbc232",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00002534"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00b00000"
              },
              {
                "name": "SectionOffset",
                "value": "0x07a8ef30"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 208
          },
          {
            "timestamp": "2026-05-28 21:41:45,734",
            "thread_id": "4984",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CCC63AE1-56A5-4F9C-ABE8-E55674F0C0A6"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 209
          },
          {
            "timestamp": "2026-05-28 21:41:45,734",
            "thread_id": "1492",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b1dfa",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "DA620430-5F6C-447D-8091-C5757E275B37"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 210
          },
          {
            "timestamp": "2026-05-28 21:41:45,734",
            "thread_id": "1492",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b17319a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "7BCE3CFB-954C-438F-974C-73A8E0593F1A"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 211
          },
          {
            "timestamp": "2026-05-28 21:41:45,734",
            "thread_id": "1492",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b47aff0",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000352-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 212
          },
          {
            "timestamp": "2026-05-28 21:41:45,750",
            "thread_id": "1492",
            "caller": "0x7ffc288d083e",
            "parentcaller": "0x7ffc288d072b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 213
          },
          {
            "timestamp": "2026-05-28 21:41:45,875",
            "thread_id": "4984",
            "caller": "0x7ffc13d2e842",
            "parentcaller": "0x7ffc2d1616e9",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000029b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "\\Device\\Bam"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 214
          },
          {
            "timestamp": "2026-05-28 21:41:47,187",
            "thread_id": "5008",
            "caller": "0x7ffc2d0fed8a",
            "parentcaller": "0x7ffc2d11db07",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0dc1c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 215
          },
          {
            "timestamp": "2026-05-28 21:41:49,547",
            "thread_id": "4984",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 216
          },
          {
            "timestamp": "2026-05-28 21:41:50,844",
            "thread_id": "4984",
            "caller": "0x7ffc2adbc386",
            "parentcaller": "0x7ffc2adbc25e",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000484"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00b00000"
              },
              {
                "name": "SectionOffset",
                "value": "0x07a8d810"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 217
          },
          {
            "timestamp": "2026-05-28 21:41:50,844",
            "thread_id": "4984",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b448db3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "41FD88F7-F295-4D39-91AC-A85F3149A05B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 218
          },
          {
            "timestamp": "2026-05-28 21:41:50,844",
            "thread_id": "12156",
            "caller": "0x7ffc2adbc386",
            "parentcaller": "0x7ffc2adbc232",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001ee8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00b00000"
              },
              {
                "name": "SectionOffset",
                "value": "0x0865f020"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 219
          },
          {
            "timestamp": "2026-05-28 21:41:50,844",
            "thread_id": "12156",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2b426d2f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001ee8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 220
          },
          {
            "timestamp": "2026-05-28 21:41:50,844",
            "thread_id": "12156",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CCC63AE1-56A5-4F9C-ABE8-E55674F0C0A6"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 221
          },
          {
            "timestamp": "2026-05-28 21:41:50,844",
            "thread_id": "1492",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b1dfa",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "DA620430-5F6C-447D-8091-C5757E275B37"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 222
          },
          {
            "timestamp": "2026-05-28 21:41:50,844",
            "thread_id": "1492",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b17319a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "7BCE3CFB-954C-438F-974C-73A8E0593F1A"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 223
          },
          {
            "timestamp": "2026-05-28 21:41:50,844",
            "thread_id": "1492",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b47aff0",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000352-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 224
          },
          {
            "timestamp": "2026-05-28 21:41:50,859",
            "thread_id": "1492",
            "caller": "0x7ffc288d083e",
            "parentcaller": "0x7ffc288d072b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 225
          },
          {
            "timestamp": "2026-05-28 21:41:54,734",
            "thread_id": "5576",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 226
          },
          {
            "timestamp": "2026-05-28 21:41:54,734",
            "thread_id": "4924",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2b15f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001a70"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00002314"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 227
          },
          {
            "timestamp": "2026-05-28 21:41:54,734",
            "thread_id": "4924",
            "caller": "0x7ffc2adbc386",
            "parentcaller": "0x7ffc2adbc25e",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00002314"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00b00000"
              },
              {
                "name": "SectionOffset",
                "value": "0x0738f5d0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 1,
            "id": 228
          },
          {
            "timestamp": "2026-05-28 21:41:54,734",
            "thread_id": "4924",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2b15f034",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00001a70"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001a70"
              },
              {
                "name": "Options",
                "value": "0x00000003"
              }
            ],
            "repeated": 0,
            "id": 229
          },
          {
            "timestamp": "2026-05-28 21:41:54,734",
            "thread_id": "5708",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b1dfa",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000344-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 230
          },
          {
            "timestamp": "2026-05-28 21:41:54,734",
            "thread_id": "276",
            "caller": "0x7ffc12d64428",
            "parentcaller": "0x7ffc12d63a03",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F0AE1542-F497-484B-A175-A20DB09144BA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "8DC24A1A-6314-4769-9D68-179786F4CED6"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 231
          },
          {
            "timestamp": "2026-05-28 21:41:54,734",
            "thread_id": "5708",
            "caller": "0x7ffc2ad89dd2",
            "parentcaller": "0x7ffc28969e99",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000035",
            "pretty_return": "OBJECT_NAME_COLLISION",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x4574f454d"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations"
              },
              {
                "name": "CreateDisposition",
                "value": "2",
                "pretty_value": "FILE_CREATE"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 232
          },
          {
            "timestamp": "2026-05-28 21:41:55,203",
            "thread_id": "4908",
            "caller": "0x7ff6510c652c",
            "parentcaller": "0x7ff6510c5d54",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc297d0000"
              }
            ],
            "repeated": 1,
            "id": 233
          },
          {
            "timestamp": "2026-05-28 21:41:55,203",
            "thread_id": "4908",
            "caller": "0x7ff6510d23a8",
            "parentcaller": "0x7ff6510d2e19",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001a70"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\SecurityHealthSSO.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 234
          },
          {
            "timestamp": "2026-05-28 21:41:55,203",
            "thread_id": "4908",
            "caller": "0x7ff6510d23a8",
            "parentcaller": "0x7ff6510d2e19",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00002314"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09100000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x000eb000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 235
          },
          {
            "timestamp": "2026-05-28 21:41:55,203",
            "thread_id": "4908",
            "caller": "0x7ff6510d23a8",
            "parentcaller": "0x7ff6510d2e19",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09100000"
              },
              {
                "name": "RegionSize",
                "value": "0x000eb000"
              }
            ],
            "repeated": 0,
            "id": 236
          },
          {
            "timestamp": "2026-05-28 21:42:00,484",
            "thread_id": "4908",
            "caller": "0x7ff6510eb354",
            "parentcaller": "0x7ff6510eb12e",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 237
          },
          {
            "timestamp": "2026-05-28 21:42:00,484",
            "thread_id": "5008",
            "caller": "0x7ffc13d2d59f",
            "parentcaller": "0x7ffc13d6c80c",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000484"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "\\Device\\Bam"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 238
          },
          {
            "timestamp": "2026-05-28 21:42:00,484",
            "thread_id": "5008",
            "caller": "0x7ffc13d2d59f",
            "parentcaller": "0x7ffc13d6c80c",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000029b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "\\Device\\Bam"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 239
          },
          {
            "timestamp": "2026-05-28 21:42:00,484",
            "thread_id": "5008",
            "caller": "0x7ffc13d2e842",
            "parentcaller": "0x7ffc13d2d62c",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001f7c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "\\Device\\Bam"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 240
          },
          {
            "timestamp": "2026-05-28 21:42:00,500",
            "thread_id": "5040",
            "caller": "0x7ff6510e99ca",
            "parentcaller": "0x7ff6510ea869",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 241
          },
          {
            "timestamp": "2026-05-28 21:42:00,500",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510e8f2b",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 242
          },
          {
            "timestamp": "2026-05-28 21:42:00,500",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 243
          },
          {
            "timestamp": "2026-05-28 21:42:00,500",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 244
          },
          {
            "timestamp": "2026-05-28 21:42:00,500",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 245
          },
          {
            "timestamp": "2026-05-28 21:42:00,500",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 246
          },
          {
            "timestamp": "2026-05-28 21:42:00,500",
            "thread_id": "5576",
            "caller": "0x7ff6510e9d10",
            "parentcaller": "0x7ff6510e9c74",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 247
          },
          {
            "timestamp": "2026-05-28 21:42:00,500",
            "thread_id": "5576",
            "caller": "0x7ff6510e9d60",
            "parentcaller": "0x7ff6510e9c74",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 248
          },
          {
            "timestamp": "2026-05-28 21:42:00,500",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 249
          },
          {
            "timestamp": "2026-05-28 21:42:00,500",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 250
          },
          {
            "timestamp": "2026-05-28 21:42:00,500",
            "thread_id": "276",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 251
          },
          {
            "timestamp": "2026-05-28 21:42:00,515",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 252
          },
          {
            "timestamp": "2026-05-28 21:42:00,515",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 253
          },
          {
            "timestamp": "2026-05-28 21:42:00,531",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 254
          },
          {
            "timestamp": "2026-05-28 21:42:00,531",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 255
          },
          {
            "timestamp": "2026-05-28 21:42:00,547",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 256
          },
          {
            "timestamp": "2026-05-28 21:42:00,547",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 257
          },
          {
            "timestamp": "2026-05-28 21:42:00,562",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 258
          },
          {
            "timestamp": "2026-05-28 21:42:00,562",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 259
          },
          {
            "timestamp": "2026-05-28 21:42:00,578",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 260
          },
          {
            "timestamp": "2026-05-28 21:42:00,578",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 261
          },
          {
            "timestamp": "2026-05-28 21:42:00,594",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 262
          },
          {
            "timestamp": "2026-05-28 21:42:00,594",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 263
          },
          {
            "timestamp": "2026-05-28 21:42:00,609",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 264
          },
          {
            "timestamp": "2026-05-28 21:42:00,609",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 265
          },
          {
            "timestamp": "2026-05-28 21:42:00,625",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 266
          },
          {
            "timestamp": "2026-05-28 21:42:00,625",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 267
          },
          {
            "timestamp": "2026-05-28 21:42:00,640",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 268
          },
          {
            "timestamp": "2026-05-28 21:42:00,640",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 269
          },
          {
            "timestamp": "2026-05-28 21:42:00,656",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 270
          },
          {
            "timestamp": "2026-05-28 21:42:00,656",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 271
          },
          {
            "timestamp": "2026-05-28 21:42:00,672",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 272
          },
          {
            "timestamp": "2026-05-28 21:42:00,672",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 273
          },
          {
            "timestamp": "2026-05-28 21:42:04,781",
            "thread_id": "12156",
            "caller": "0x7ffc13d2e842",
            "parentcaller": "0x7ffc2d1616e9",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000023c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "\\Device\\Bam"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 274
          },
          {
            "timestamp": "2026-05-28 21:42:08,062",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 275
          },
          {
            "timestamp": "2026-05-28 21:42:08,062",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 276
          },
          {
            "timestamp": "2026-05-28 21:42:08,062",
            "thread_id": "3848",
            "caller": "0x7ffc2ad7fcb5",
            "parentcaller": "0x7ffc2adc5984",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000023cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Microsoft\\"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 277
          },
          {
            "timestamp": "2026-05-28 21:42:08,062",
            "thread_id": "3848",
            "caller": "0x7ffc2ad7fcb5",
            "parentcaller": "0x7ffc2adc5984",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000023cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 278
          },
          {
            "timestamp": "2026-05-28 21:42:08,062",
            "thread_id": "5576",
            "caller": "0x7ff6510e9d10",
            "parentcaller": "0x7ff6510e9c74",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 279
          },
          {
            "timestamp": "2026-05-28 21:42:08,062",
            "thread_id": "5576",
            "caller": "0x7ff6510e9d60",
            "parentcaller": "0x7ff6510e9c74",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 280
          },
          {
            "timestamp": "2026-05-28 21:42:08,062",
            "thread_id": "5008",
            "caller": "0x7ffc13d2d59f",
            "parentcaller": "0x7ffc13d6c80c",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00002540"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "\\Device\\Bam"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 281
          },
          {
            "timestamp": "2026-05-28 21:42:08,078",
            "thread_id": "5008",
            "caller": "0x7ffc13d2e842",
            "parentcaller": "0x7ffc13d2d62c",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000023b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "\\Device\\Bam"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 282
          },
          {
            "timestamp": "2026-05-28 21:42:08,078",
            "thread_id": "5708",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b1dfa",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000344-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 283
          },
          {
            "timestamp": "2026-05-28 21:42:08,078",
            "thread_id": "3312",
            "caller": "0x7ffc12d64428",
            "parentcaller": "0x7ffc12d63a03",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F0AE1542-F497-484B-A175-A20DB09144BA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "8DC24A1A-6314-4769-9D68-179786F4CED6"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 284
          },
          {
            "timestamp": "2026-05-28 21:42:08,078",
            "thread_id": "5708",
            "caller": "0x7ffc2ad89dd2",
            "parentcaller": "0x7ffc28969e99",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000035",
            "pretty_return": "OBJECT_NAME_COLLISION",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x4574f454d"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations"
              },
              {
                "name": "CreateDisposition",
                "value": "2",
                "pretty_value": "FILE_CREATE"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 285
          },
          {
            "timestamp": "2026-05-28 21:42:08,078",
            "thread_id": "3312",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc289c58d4",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 286
          },
          {
            "timestamp": "2026-05-28 21:42:08,078",
            "thread_id": "3312",
            "caller": "0x7ffc289c5882",
            "parentcaller": "0x7ffc289c8f55",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4234D49B-0245-4DF3-B780-3893943456E1"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "000214E6-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 287
          },
          {
            "timestamp": "2026-05-28 21:42:08,078",
            "thread_id": "3312",
            "caller": "0x7ffc170a58e1",
            "parentcaller": "0x7ffc170a5ef1",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "02C5CCF3-805F-4654-A7B7-340A74335365"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 288
          },
          {
            "timestamp": "2026-05-28 21:42:08,250",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 289
          },
          {
            "timestamp": "2026-05-28 21:42:08,250",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 290
          },
          {
            "timestamp": "2026-05-28 21:42:08,265",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 291
          },
          {
            "timestamp": "2026-05-28 21:42:08,265",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 292
          },
          {
            "timestamp": "2026-05-28 21:42:08,281",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 293
          },
          {
            "timestamp": "2026-05-28 21:42:08,281",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 294
          },
          {
            "timestamp": "2026-05-28 21:42:08,297",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 295
          },
          {
            "timestamp": "2026-05-28 21:42:08,297",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 296
          },
          {
            "timestamp": "2026-05-28 21:42:08,312",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 297
          },
          {
            "timestamp": "2026-05-28 21:42:08,312",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 298
          },
          {
            "timestamp": "2026-05-28 21:42:08,328",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 299
          },
          {
            "timestamp": "2026-05-28 21:42:08,328",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 300
          },
          {
            "timestamp": "2026-05-28 21:42:08,344",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 301
          },
          {
            "timestamp": "2026-05-28 21:42:08,344",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 302
          },
          {
            "timestamp": "2026-05-28 21:42:08,375",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 303
          },
          {
            "timestamp": "2026-05-28 21:42:08,375",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 304
          },
          {
            "timestamp": "2026-05-28 21:42:08,390",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 305
          },
          {
            "timestamp": "2026-05-28 21:42:08,390",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 306
          },
          {
            "timestamp": "2026-05-28 21:42:08,406",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 307
          },
          {
            "timestamp": "2026-05-28 21:42:08,406",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 308
          },
          {
            "timestamp": "2026-05-28 21:42:08,422",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 309
          },
          {
            "timestamp": "2026-05-28 21:42:08,422",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 310
          },
          {
            "timestamp": "2026-05-28 21:42:08,437",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 311
          },
          {
            "timestamp": "2026-05-28 21:42:08,437",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 312
          },
          {
            "timestamp": "2026-05-28 21:42:08,469",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 313
          },
          {
            "timestamp": "2026-05-28 21:42:08,469",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 314
          },
          {
            "timestamp": "2026-05-28 21:42:08,500",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 315
          },
          {
            "timestamp": "2026-05-28 21:42:08,500",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 316
          },
          {
            "timestamp": "2026-05-28 21:42:13,062",
            "thread_id": "12156",
            "caller": "0x7ffc13d2e842",
            "parentcaller": "0x7ffc2d1616e9",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000233c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "\\Device\\Bam"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 317
          },
          {
            "timestamp": "2026-05-28 21:42:20,844",
            "thread_id": "12156",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 318
          },
          {
            "timestamp": "2026-05-28 21:42:20,844",
            "thread_id": "12156",
            "caller": "0x7ffc2adbc386",
            "parentcaller": "0x7ffc2adbc25e",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000009a8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00b00000"
              },
              {
                "name": "SectionOffset",
                "value": "0x0865d900"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 319
          },
          {
            "timestamp": "2026-05-28 21:42:20,844",
            "thread_id": "12156",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b448db3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "41FD88F7-F295-4D39-91AC-A85F3149A05B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 320
          },
          {
            "timestamp": "2026-05-28 21:42:20,844",
            "thread_id": "12156",
            "caller": "0x7ffc2adbc386",
            "parentcaller": "0x7ffc2adbc232",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00002540"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00b00000"
              },
              {
                "name": "SectionOffset",
                "value": "0x0865f020"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 321
          },
          {
            "timestamp": "2026-05-28 21:42:20,844",
            "thread_id": "12156",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CCC63AE1-56A5-4F9C-ABE8-E55674F0C0A6"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 322
          },
          {
            "timestamp": "2026-05-28 21:42:20,844",
            "thread_id": "1492",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b1dfa",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "DA620430-5F6C-447D-8091-C5757E275B37"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 323
          },
          {
            "timestamp": "2026-05-28 21:42:20,844",
            "thread_id": "1492",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b17319a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "7BCE3CFB-954C-438F-974C-73A8E0593F1A"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 324
          },
          {
            "timestamp": "2026-05-28 21:42:20,844",
            "thread_id": "1492",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b47aff0",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000352-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 325
          },
          {
            "timestamp": "2026-05-28 21:42:20,844",
            "thread_id": "1492",
            "caller": "0x7ffc288d083e",
            "parentcaller": "0x7ffc288d072b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 326
          },
          {
            "timestamp": "2026-05-28 21:42:26,015",
            "thread_id": "4908",
            "caller": "0x7ff6510c652c",
            "parentcaller": "0x7ff6510c5d54",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc297d0000"
              }
            ],
            "repeated": 1,
            "id": 327
          },
          {
            "timestamp": "2026-05-28 21:42:26,015",
            "thread_id": "4908",
            "caller": "0x7ff6510d23a8",
            "parentcaller": "0x7ff6510d2e19",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00002540"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\SecurityHealthSSO.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 328
          },
          {
            "timestamp": "2026-05-28 21:42:26,015",
            "thread_id": "4908",
            "caller": "0x7ff6510d23a8",
            "parentcaller": "0x7ff6510d2e19",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000098c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x087b0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x000eb000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 329
          },
          {
            "timestamp": "2026-05-28 21:42:26,015",
            "thread_id": "4908",
            "caller": "0x7ff6510d23a8",
            "parentcaller": "0x7ff6510d2e19",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x087b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x000eb000"
              }
            ],
            "repeated": 0,
            "id": 330
          },
          {
            "timestamp": "2026-05-28 21:42:48,234",
            "thread_id": "5040",
            "caller": "0x7ffc2ad7acfe",
            "parentcaller": "0x7ffc2b453b78",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\execmodelproxy"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc178b0000"
              }
            ],
            "repeated": 0,
            "id": 331
          },
          {
            "timestamp": "2026-05-28 21:42:48,234",
            "thread_id": "5040",
            "caller": "0x7ffc2d160db0",
            "parentcaller": "0x7ffc2d120391",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc178b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 332
          },
          {
            "timestamp": "2026-05-28 21:42:48,234",
            "thread_id": "5040",
            "caller": "0x7ffc2ad7acfe",
            "parentcaller": "0x7ffc2b453b78",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\CapabilityAccessManagerClient"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc0d0a0000"
              }
            ],
            "repeated": 0,
            "id": 333
          },
          {
            "timestamp": "2026-05-28 21:42:48,234",
            "thread_id": "5040",
            "caller": "0x7ffc2d160db0",
            "parentcaller": "0x7ffc2d120391",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc0d0a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 334
          },
          {
            "timestamp": "2026-05-28 21:42:48,234",
            "thread_id": "5040",
            "caller": "0x7ffc2ad7acfe",
            "parentcaller": "0x7ffc2b453b78",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\SecurityHealthProxyStub"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc1c2c0000"
              }
            ],
            "repeated": 0,
            "id": 335
          },
          {
            "timestamp": "2026-05-28 21:42:48,234",
            "thread_id": "5040",
            "caller": "0x7ffc2d160db0",
            "parentcaller": "0x7ffc2d120391",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1c2c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 336
          },
          {
            "timestamp": "2026-05-28 21:42:48,890",
            "thread_id": "5040",
            "caller": "0x7ffc2adc86ed",
            "parentcaller": "0x7ffc2b8acc83",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000018b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100000",
                "pretty_value": "SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\"
              },
              {
                "name": "ShareAccess",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 337
          },
          {
            "timestamp": "2026-05-28 21:42:48,890",
            "thread_id": "5040",
            "caller": "0x7ffc2d14fc9c",
            "parentcaller": "0x7ffc2d14fa80",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000018b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\storageusage.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 338
          },
          {
            "timestamp": "2026-05-28 21:42:48,890",
            "thread_id": "5040",
            "caller": "0x7ffc2d104d42",
            "parentcaller": "0x7ffc2d104aaa",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000c58"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc14310000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0002f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 339
          },
          {
            "timestamp": "2026-05-28 21:42:48,890",
            "thread_id": "5040",
            "caller": "0x7ffc2d104d42",
            "parentcaller": "0x7ffc2d104aaa",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\storageusage"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc14310000"
              }
            ],
            "repeated": 0,
            "id": 340
          },
          {
            "timestamp": "2026-05-28 21:43:20,859",
            "thread_id": "5040",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 341
          },
          {
            "timestamp": "2026-05-28 21:43:20,859",
            "thread_id": "5040",
            "caller": "0x7ffc2adbc386",
            "parentcaller": "0x7ffc2adbc25e",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000270c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00b00000"
              },
              {
                "name": "SectionOffset",
                "value": "0x0855d3e0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 342
          },
          {
            "timestamp": "2026-05-28 21:43:20,859",
            "thread_id": "5040",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b448db3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "41FD88F7-F295-4D39-91AC-A85F3149A05B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 343
          },
          {
            "timestamp": "2026-05-28 21:43:20,859",
            "thread_id": "5040",
            "caller": "0x7ffc2adbc386",
            "parentcaller": "0x7ffc2adbc232",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000270c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00b00000"
              },
              {
                "name": "SectionOffset",
                "value": "0x0855eb00"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 344
          },
          {
            "timestamp": "2026-05-28 21:43:20,859",
            "thread_id": "5040",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CCC63AE1-56A5-4F9C-ABE8-E55674F0C0A6"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 345
          },
          {
            "timestamp": "2026-05-28 21:43:20,859",
            "thread_id": "5040",
            "caller": "0x7ffc2d00b8ed",
            "parentcaller": "0x7ffc2b165341",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x000029c0",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ffc2b1653d0"
              },
              {
                "name": "Parameter",
                "value": "0x09860ac0"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "8752"
              },
              {
                "name": "ProcessId",
                "value": "4248"
              }
            ],
            "repeated": 0,
            "id": 346
          },
          {
            "timestamp": "2026-05-28 21:43:20,859",
            "thread_id": "5040",
            "caller": "0x7ffc2adcf430",
            "parentcaller": "0x7ffc2b165379",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000029c0"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "8752"
              },
              {
                "name": "ProcessId",
                "value": "4248"
              }
            ],
            "repeated": 0,
            "id": 347
          },
          {
            "timestamp": "2026-05-28 21:43:20,859",
            "thread_id": "8752",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2c56ef53",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000029c0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 348
          },
          {
            "timestamp": "2026-05-28 21:43:20,859",
            "thread_id": "8752",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b1dfa",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "DA620430-5F6C-447D-8091-C5757E275B37"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 349
          },
          {
            "timestamp": "2026-05-28 21:43:20,859",
            "thread_id": "8752",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b17319a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "7BCE3CFB-954C-438F-974C-73A8E0593F1A"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 350
          },
          {
            "timestamp": "2026-05-28 21:43:20,859",
            "thread_id": "8752",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b47aff0",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000352-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 351
          },
          {
            "timestamp": "2026-05-28 21:43:20,859",
            "thread_id": "8752",
            "caller": "0x7ffc288d083e",
            "parentcaller": "0x7ffc288d072b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 352
          },
          {
            "timestamp": "2026-05-28 21:43:20,859",
            "thread_id": "5040",
            "caller": "0x7ffc2d00b8ed",
            "parentcaller": "0x7ffc2b165341",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x00002428",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ffc2b1653d0"
              },
              {
                "name": "Parameter",
                "value": "0x09861e00"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "6324"
              },
              {
                "name": "ProcessId",
                "value": "4248"
              }
            ],
            "repeated": 0,
            "id": 353
          },
          {
            "timestamp": "2026-05-28 21:43:20,859",
            "thread_id": "5040",
            "caller": "0x7ffc2adcf430",
            "parentcaller": "0x7ffc2b165379",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00002428"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "6324"
              },
              {
                "name": "ProcessId",
                "value": "4248"
              }
            ],
            "repeated": 0,
            "id": 354
          },
          {
            "timestamp": "2026-05-28 21:43:20,875",
            "thread_id": "6324",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2c56ef53",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000026a8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 355
          },
          {
            "timestamp": "2026-05-28 21:43:20,875",
            "thread_id": "6324",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2b426d2f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00002484"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 356
          },
          {
            "timestamp": "2026-05-28 21:43:26,469",
            "thread_id": "5708",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b1dfa",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000344-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 357
          },
          {
            "timestamp": "2026-05-28 21:43:26,469",
            "thread_id": "6324",
            "caller": "0x7ffc12d64428",
            "parentcaller": "0x7ffc12d63a03",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F0AE1542-F497-484B-A175-A20DB09144BA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "8DC24A1A-6314-4769-9D68-179786F4CED6"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 358
          },
          {
            "timestamp": "2026-05-28 21:43:26,469",
            "thread_id": "5708",
            "caller": "0x7ffc2ad89dd2",
            "parentcaller": "0x7ffc28969e99",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000035",
            "pretty_return": "OBJECT_NAME_COLLISION",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x4574f454d"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations"
              },
              {
                "name": "CreateDisposition",
                "value": "2",
                "pretty_value": "FILE_CREATE"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 359
          },
          {
            "timestamp": "2026-05-28 21:43:26,484",
            "thread_id": "5040",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 360
          },
          {
            "timestamp": "2026-05-28 21:43:26,484",
            "thread_id": "5040",
            "caller": "0x7ffc2adbc386",
            "parentcaller": "0x7ffc2adbc25e",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001a64"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00b00000"
              },
              {
                "name": "SectionOffset",
                "value": "0x0855d3e0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 361
          },
          {
            "timestamp": "2026-05-28 21:43:26,484",
            "thread_id": "5040",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b448db3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "41FD88F7-F295-4D39-91AC-A85F3149A05B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 362
          },
          {
            "timestamp": "2026-05-28 21:43:26,484",
            "thread_id": "5576",
            "caller": "0x7ffc2adbc386",
            "parentcaller": "0x7ffc2adbc232",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001c4c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00b00000"
              },
              {
                "name": "SectionOffset",
                "value": "0x0a97eb30"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 363
          },
          {
            "timestamp": "2026-05-28 21:43:26,484",
            "thread_id": "5576",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CCC63AE1-56A5-4F9C-ABE8-E55674F0C0A6"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 364
          },
          {
            "timestamp": "2026-05-28 21:43:26,484",
            "thread_id": "8752",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b1dfa",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "DA620430-5F6C-447D-8091-C5757E275B37"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 365
          },
          {
            "timestamp": "2026-05-28 21:43:26,484",
            "thread_id": "8752",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b17319a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "7BCE3CFB-954C-438F-974C-73A8E0593F1A"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 366
          },
          {
            "timestamp": "2026-05-28 21:43:26,484",
            "thread_id": "8752",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b47aff0",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000352-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 367
          },
          {
            "timestamp": "2026-05-28 21:43:26,484",
            "thread_id": "8752",
            "caller": "0x7ffc288d083e",
            "parentcaller": "0x7ffc288d072b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 368
          },
          {
            "timestamp": "2026-05-28 21:43:26,484",
            "thread_id": "5576",
            "caller": "0x7ffc2d00b8ed",
            "parentcaller": "0x7ffc2b165341",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x000024f4",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ffc2b1653d0"
              },
              {
                "name": "Parameter",
                "value": "0x098617e0"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "13152"
              },
              {
                "name": "ProcessId",
                "value": "4248"
              }
            ],
            "repeated": 0,
            "id": 369
          },
          {
            "timestamp": "2026-05-28 21:43:26,484",
            "thread_id": "5576",
            "caller": "0x7ffc2adcf430",
            "parentcaller": "0x7ffc2b165379",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000024f4"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "13152"
              },
              {
                "name": "ProcessId",
                "value": "4248"
              }
            ],
            "repeated": 0,
            "id": 370
          },
          {
            "timestamp": "2026-05-28 21:43:26,484",
            "thread_id": "13152",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2c56ef53",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001c4c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 371
          },
          {
            "timestamp": "2026-05-28 21:43:26,484",
            "thread_id": "13152",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2b426d2f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000230c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 372
          },
          {
            "timestamp": "2026-05-28 21:43:31,375",
            "thread_id": "5576",
            "caller": "0x7ffc13d2e842",
            "parentcaller": "0x7ffc2d1616e9",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00002408"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "\\Device\\Bam"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 373
          },
          {
            "timestamp": "2026-05-28 21:43:31,656",
            "thread_id": "5576",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 374
          },
          {
            "timestamp": "2026-05-28 21:43:31,703",
            "thread_id": "5040",
            "caller": "0x7ffc2adbc386",
            "parentcaller": "0x7ffc2adbc25e",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00002408"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00b00000"
              },
              {
                "name": "SectionOffset",
                "value": "0x0855d3e0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 375
          },
          {
            "timestamp": "2026-05-28 21:43:31,703",
            "thread_id": "5040",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b448db3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "41FD88F7-F295-4D39-91AC-A85F3149A05B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 376
          },
          {
            "timestamp": "2026-05-28 21:43:31,734",
            "thread_id": "5040",
            "caller": "0x7ffc2adbc386",
            "parentcaller": "0x7ffc2adbc232",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001484"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00b00000"
              },
              {
                "name": "SectionOffset",
                "value": "0x0855eb00"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 377
          },
          {
            "timestamp": "2026-05-28 21:43:31,781",
            "thread_id": "5040",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CCC63AE1-56A5-4F9C-ABE8-E55674F0C0A6"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 378
          },
          {
            "timestamp": "2026-05-28 21:43:31,781",
            "thread_id": "8752",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b1dfa",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "DA620430-5F6C-447D-8091-C5757E275B37"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 379
          },
          {
            "timestamp": "2026-05-28 21:43:31,781",
            "thread_id": "8752",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b17319a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "7BCE3CFB-954C-438F-974C-73A8E0593F1A"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 380
          },
          {
            "timestamp": "2026-05-28 21:43:31,781",
            "thread_id": "8752",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b47aff0",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000352-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 381
          },
          {
            "timestamp": "2026-05-28 21:43:31,781",
            "thread_id": "8752",
            "caller": "0x7ffc288d083e",
            "parentcaller": "0x7ffc288d072b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 382
          },
          {
            "timestamp": "2026-05-28 21:43:37,734",
            "thread_id": "7868",
            "caller": "0x7ffc2ad7acfe",
            "parentcaller": "0x7ffc2b453b78",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\wpdshext"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc151a0000"
              }
            ],
            "repeated": 0,
            "id": 383
          },
          {
            "timestamp": "2026-05-28 21:43:37,734",
            "thread_id": "7868",
            "caller": "0x7ffc2d160db0",
            "parentcaller": "0x7ffc2d120391",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc151a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 384
          },
          {
            "timestamp": "2026-05-28 21:43:37,734",
            "thread_id": "7868",
            "caller": "0x7ffc2d17290d",
            "parentcaller": "0x7ffc2d1035db",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x10920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              }
            ],
            "repeated": 0,
            "id": 385
          },
          {
            "timestamp": "2026-05-28 21:43:37,734",
            "thread_id": "7868",
            "caller": "0x7ffc2ad7acfe",
            "parentcaller": "0x7ffc2b453b78",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\provsvc"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc13260000"
              }
            ],
            "repeated": 0,
            "id": 386
          },
          {
            "timestamp": "2026-05-28 21:43:37,734",
            "thread_id": "7868",
            "caller": "0x7ffc2d160db0",
            "parentcaller": "0x7ffc2d120391",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc13260000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 387
          },
          {
            "timestamp": "2026-05-28 21:43:37,734",
            "thread_id": "7868",
            "caller": "0x7ffc2ad7acfe",
            "parentcaller": "0x7ffc2b453b78",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\EhStorAPI"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc17880000"
              }
            ],
            "repeated": 0,
            "id": 388
          },
          {
            "timestamp": "2026-05-28 21:43:37,734",
            "thread_id": "7868",
            "caller": "0x7ffc2d160db0",
            "parentcaller": "0x7ffc2d120391",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc17880000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 389
          },
          {
            "timestamp": "2026-05-28 21:43:37,734",
            "thread_id": "7868",
            "caller": "0x7ffc2ad7acfe",
            "parentcaller": "0x7ffc2b453b78",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\Windows.Services.TargetedContent"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc10710000"
              }
            ],
            "repeated": 0,
            "id": 390
          },
          {
            "timestamp": "2026-05-28 21:43:37,734",
            "thread_id": "7868",
            "caller": "0x7ffc2d160db0",
            "parentcaller": "0x7ffc2d120391",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc10710000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 391
          },
          {
            "timestamp": "2026-05-28 21:43:48,922",
            "thread_id": "5576",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 392
          },
          {
            "timestamp": "2026-05-28 21:43:48,922",
            "thread_id": "6324",
            "caller": "0x7ff651128fba",
            "parentcaller": "0x00000000",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 393
          },
          {
            "timestamp": "2026-05-28 21:43:48,922",
            "thread_id": "6324",
            "caller": "0x7ff651128fba",
            "parentcaller": "0x00000000",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "C2F03A33-21F5-47FA-B4BB-156362A2F239"
              },
              {
                "name": "ClsContext",
                "value": "0x00000404",
                "pretty_value": "CLSCTX_LOCAL_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "6D5140C1-7436-11CE-8034-00AA006009FA"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 394
          },
          {
            "timestamp": "2026-05-28 21:43:48,922",
            "thread_id": "5008",
            "caller": "0x7ffc13d2d59f",
            "parentcaller": "0x7ffc13d6c80c",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "\\Device\\Bam"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 395
          },
          {
            "timestamp": "2026-05-28 21:43:48,922",
            "thread_id": "5008",
            "caller": "0x7ffc2d00b8ed",
            "parentcaller": "0x7ffc2b165341",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x000029b4",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ffc2b1653d0"
              },
              {
                "name": "Parameter",
                "value": "0x098619a0"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "13748"
              },
              {
                "name": "ProcessId",
                "value": "4248"
              }
            ],
            "repeated": 0,
            "id": 396
          },
          {
            "timestamp": "2026-05-28 21:43:48,922",
            "thread_id": "5008",
            "caller": "0x7ffc2adcf430",
            "parentcaller": "0x7ffc2b165379",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000029b4"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "13748"
              },
              {
                "name": "ProcessId",
                "value": "4248"
              }
            ],
            "repeated": 0,
            "id": 397
          },
          {
            "timestamp": "2026-05-28 21:43:48,922",
            "thread_id": "5008",
            "caller": "0x7ffc13d2e842",
            "parentcaller": "0x7ffc13d2d62c",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000009a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "\\Device\\Bam"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 398
          },
          {
            "timestamp": "2026-05-28 21:43:48,922",
            "thread_id": "5008",
            "caller": "0x7ffc2d00b8ed",
            "parentcaller": "0x7ffc2b165341",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x00001a70",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ffc2b1653d0"
              },
              {
                "name": "Parameter",
                "value": "0x09862180"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "13724"
              },
              {
                "name": "ProcessId",
                "value": "4248"
              }
            ],
            "repeated": 0,
            "id": 399
          },
          {
            "timestamp": "2026-05-28 21:43:48,922",
            "thread_id": "5008",
            "caller": "0x7ffc2adcf430",
            "parentcaller": "0x7ffc2b165379",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00001a70"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "13724"
              },
              {
                "name": "ProcessId",
                "value": "4248"
              }
            ],
            "repeated": 0,
            "id": 400
          },
          {
            "timestamp": "2026-05-28 21:43:48,922",
            "thread_id": "5008",
            "caller": "0x7ffc2d00b8ed",
            "parentcaller": "0x7ffc2b165341",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x000009a8",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ffc2b1653d0"
              },
              {
                "name": "Parameter",
                "value": "0x09862420"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "13732"
              },
              {
                "name": "ProcessId",
                "value": "4248"
              }
            ],
            "repeated": 0,
            "id": 401
          },
          {
            "timestamp": "2026-05-28 21:43:48,922",
            "thread_id": "5008",
            "caller": "0x7ffc2adcf430",
            "parentcaller": "0x7ffc2b165379",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000009a8"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "13732"
              },
              {
                "name": "ProcessId",
                "value": "4248"
              }
            ],
            "repeated": 0,
            "id": 402
          },
          {
            "timestamp": "2026-05-28 21:43:48,969",
            "thread_id": "13724",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2c56ef53",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000023b4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 403
          },
          {
            "timestamp": "2026-05-28 21:43:48,969",
            "thread_id": "13724",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2b426d2f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000023b0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 404
          },
          {
            "timestamp": "2026-05-28 21:43:49,000",
            "thread_id": "5008",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 405
          },
          {
            "timestamp": "2026-05-28 21:43:49,000",
            "thread_id": "4908",
            "caller": "0x7ff651290528",
            "parentcaller": "0x7ff651249f49",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 406
          },
          {
            "timestamp": "2026-05-28 21:43:49,000",
            "thread_id": "4908",
            "caller": "0x7ff651290528",
            "parentcaller": "0x7ff651249f49",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "228826AF-02E1-4226-A9E0-99A855E455A6"
              },
              {
                "name": "ClsContext",
                "value": "0x00000004",
                "pretty_value": "CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "9767060C-9476-42E2-8F7B-2F10FD13765C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 407
          },
          {
            "timestamp": "2026-05-28 21:43:49,015",
            "thread_id": "5008",
            "caller": "0x7ffc14c838c2",
            "parentcaller": "0x7ffc14c7f6c0",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "78317482-5B49-4093-9C34-2758FC63BEF0"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "AD5638D2-B769-4221-AA2F-D74E6AD42C24"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 408
          },
          {
            "timestamp": "2026-05-28 21:43:49,109",
            "thread_id": "6324",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 409
          },
          {
            "timestamp": "2026-05-28 21:43:49,859",
            "thread_id": "13736",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000023d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 410
          },
          {
            "timestamp": "2026-05-28 21:43:49,984",
            "thread_id": "13736",
            "caller": "0x7ffc289c4fbc",
            "parentcaller": "0x7ffc289bf4db",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 411
          },
          {
            "timestamp": "2026-05-28 21:43:49,984",
            "thread_id": "13736",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2c56ef53",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000057c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 412
          },
          {
            "timestamp": "2026-05-28 21:43:50,000",
            "thread_id": "13736",
            "caller": "0x7ffc2714d21a",
            "parentcaller": "0x7ffc289d3235",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "76765B11-3F95-4AF2-AC9D-EA55D8994F1A"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 413
          },
          {
            "timestamp": "2026-05-28 21:43:50,000",
            "thread_id": "13736",
            "caller": "0x7ffc2b42f303",
            "parentcaller": "0x7ffc2b42e7f3",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 414
          },
          {
            "timestamp": "2026-05-28 21:43:50,109",
            "thread_id": "13736",
            "caller": "0x7ffc289c4fbc",
            "parentcaller": "0x7ffc289bf4db",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 415
          },
          {
            "timestamp": "2026-05-28 21:43:50,109",
            "thread_id": "13736",
            "caller": "0x7ffc2b207b67",
            "parentcaller": "0x7ffc2b207add",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "79EAC9EE-BAF9-11CE-8C82-00AA004BA90B"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 416
          },
          {
            "timestamp": "2026-05-28 21:43:50,109",
            "thread_id": "13736",
            "caller": "0x7ffc2ad7fcb5",
            "parentcaller": "0x7ffc2adc5984",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000e00"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 417
          },
          {
            "timestamp": "2026-05-28 21:43:50,109",
            "thread_id": "13736",
            "caller": "0x7ffc2ad7fcb5",
            "parentcaller": "0x7ffc2adc5984",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000e00"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 418
          },
          {
            "timestamp": "2026-05-28 21:43:50,109",
            "thread_id": "13736",
            "caller": "0x7ffc2ad7fcb5",
            "parentcaller": "0x7ffc2adc5984",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000e00"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 419
          },
          {
            "timestamp": "2026-05-28 21:43:50,109",
            "thread_id": "13736",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2adcc32f",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000e00"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120080",
                "pretty_value": "FILE_READ_ATTRIBUTES|READ_CONTROL|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 420
          },
          {
            "timestamp": "2026-05-28 21:43:50,109",
            "thread_id": "13736",
            "caller": "0x7ffc2ad86bcf",
            "parentcaller": "0x7ffc2ad86f7c",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000e00"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 2,
            "id": 421
          },
          {
            "timestamp": "2026-05-28 21:43:50,109",
            "thread_id": "13736",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85cb3",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000033",
            "pretty_return": "OBJECT_NAME_INVALID",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0002000f"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 422
          },
          {
            "timestamp": "2026-05-28 21:43:50,109",
            "thread_id": "13736",
            "caller": "0x7ffc2ad86bcf",
            "parentcaller": "0x7ffc2ad86f7c",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x7ffc2b8f207c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 423
          },
          {
            "timestamp": "2026-05-28 21:43:50,109",
            "thread_id": "13736",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85cb3",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000e00"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 424
          },
          {
            "timestamp": "2026-05-28 21:43:50,109",
            "thread_id": "13736",
            "caller": "0x7ffc2ad86c28",
            "parentcaller": "0x7ffc2ad86f7c",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000e00"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 1,
            "id": 425
          },
          {
            "timestamp": "2026-05-28 21:43:50,109",
            "thread_id": "13736",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85cb3",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000e00"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 426
          },
          {
            "timestamp": "2026-05-28 21:43:50,109",
            "thread_id": "13736",
            "caller": "0x7ffc2ad86bcf",
            "parentcaller": "0x7ffc2ad86f7c",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000e00"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 427
          },
          {
            "timestamp": "2026-05-28 21:43:50,109",
            "thread_id": "13736",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85cb3",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000e00"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 428
          },
          {
            "timestamp": "2026-05-28 21:43:50,109",
            "thread_id": "13736",
            "caller": "0x7ffc2ad86c28",
            "parentcaller": "0x7ffc2ad86f7c",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000e00"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 1,
            "id": 429
          },
          {
            "timestamp": "2026-05-28 21:43:50,109",
            "thread_id": "13736",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85cb3",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000e00"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 430
          },
          {
            "timestamp": "2026-05-28 21:43:50,109",
            "thread_id": "13736",
            "caller": "0x7ffc2ad84d82",
            "parentcaller": "0x7ffc2ad870c7",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000e00"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 431
          },
          {
            "timestamp": "2026-05-28 21:43:50,109",
            "thread_id": "13736",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad84f8e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000e00"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 432
          },
          {
            "timestamp": "2026-05-28 21:43:50,109",
            "thread_id": "13736",
            "caller": "0x7ffc2ad84d82",
            "parentcaller": "0x7ffc2ad8693c",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000e00"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 433
          },
          {
            "timestamp": "2026-05-28 21:43:50,109",
            "thread_id": "13736",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad84f8e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000e00"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 434
          },
          {
            "timestamp": "2026-05-28 21:43:50,109",
            "thread_id": "13736",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000e00"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120080",
                "pretty_value": "FILE_READ_ATTRIBUTES|READ_CONTROL|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\Volume{528c102f-0000-0000-0000-300300000000}"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 435
          },
          {
            "timestamp": "2026-05-28 21:43:50,109",
            "thread_id": "13736",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc15f35ccf",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000e00"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 436
          },
          {
            "timestamp": "2026-05-28 21:43:50,187",
            "thread_id": "13736",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 437
          },
          {
            "timestamp": "2026-05-28 21:43:50,187",
            "thread_id": "13736",
            "caller": "0x7ffc15f36ced",
            "parentcaller": "0x7ffc15f3816c",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D"
              },
              {
                "name": "ClsContext",
                "value": "0x00100004",
                "pretty_value": "CLSCTX_LOCAL_SERVER|CLSCTX_ENABLE_CLOAKING"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 438
          },
          {
            "timestamp": "2026-05-28 21:43:50,406",
            "thread_id": "13736",
            "caller": "0x7ffc2b8a1e0e",
            "parentcaller": "0x7ffc2b88992c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CDC82860-468D-4D4E-B7E7-C298FF23AB2C"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "5632B1A4-E38A-400A-928A-D4CD63230295"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 439
          },
          {
            "timestamp": "2026-05-28 21:43:50,406",
            "thread_id": "13736",
            "caller": "0x7ffc2897574b",
            "parentcaller": "0x7ffc289750a2",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F1C46D71-B791-4110-8D5C-7108F22C1010"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "8A43ED9F-F4E6-4421-ACF9-1DAB2986820C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 440
          },
          {
            "timestamp": "2026-05-28 21:43:50,406",
            "thread_id": "13736",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc289c58d4",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 441
          },
          {
            "timestamp": "2026-05-28 21:43:50,406",
            "thread_id": "13736",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2adcc32f",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ef8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 442
          },
          {
            "timestamp": "2026-05-28 21:43:50,406",
            "thread_id": "13736",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2b176fcb",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000ef8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000ef4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 443
          },
          {
            "timestamp": "2026-05-28 21:43:50,406",
            "thread_id": "13736",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ef8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 444
          },
          {
            "timestamp": "2026-05-28 21:43:50,406",
            "thread_id": "13736",
            "caller": "0x7ffc2ad87786",
            "parentcaller": "0x7ffc2ad85630",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x40000003",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000eec"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00130000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 445
          },
          {
            "timestamp": "2026-05-28 21:43:50,406",
            "thread_id": "13736",
            "caller": "0x7ffc2d13bb2a",
            "parentcaller": "0x7ffc2d13b99e",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ef8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\taskmgr.exe.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 446
          },
          {
            "timestamp": "2026-05-28 21:43:50,406",
            "thread_id": "13736",
            "caller": "0x7ffc2d13bbcc",
            "parentcaller": "0x7ffc2d13b99e",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000eec"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00b60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x0872cb70"
              },
              {
                "name": "ViewSize",
                "value": "0x0000f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 447
          },
          {
            "timestamp": "2026-05-28 21:43:50,406",
            "thread_id": "13736",
            "caller": "0x7ffc2d15a871",
            "parentcaller": "0x7ffc2ad7ad69",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00b60000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              }
            ],
            "repeated": 0,
            "id": 448
          },
          {
            "timestamp": "2026-05-28 21:43:50,406",
            "thread_id": "13736",
            "caller": "0x7ffc2ad7ad9e",
            "parentcaller": "0x7ffc2ad7bfbf",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "RegionSize",
                "value": "0x00130000"
              }
            ],
            "repeated": 0,
            "id": 449
          },
          {
            "timestamp": "2026-05-28 21:43:50,406",
            "thread_id": "13736",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ef8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 450
          },
          {
            "timestamp": "2026-05-28 21:43:50,406",
            "thread_id": "13736",
            "caller": "0x7ffc2ad87786",
            "parentcaller": "0x7ffc2ad85630",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x40000003",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000eec"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00130000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 451
          },
          {
            "timestamp": "2026-05-28 21:43:50,406",
            "thread_id": "13736",
            "caller": "0x7ffc2d13bb2a",
            "parentcaller": "0x7ffc2d13b99e",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ef8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\taskmgr.exe.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 452
          },
          {
            "timestamp": "2026-05-28 21:43:50,406",
            "thread_id": "13736",
            "caller": "0x7ffc2d13bbcc",
            "parentcaller": "0x7ffc2d13b99e",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000eec"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00b60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x0872cb60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 453
          },
          {
            "timestamp": "2026-05-28 21:43:50,406",
            "thread_id": "13736",
            "caller": "0x7ffc2d15a871",
            "parentcaller": "0x7ffc2ad7ad69",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00b60000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              }
            ],
            "repeated": 0,
            "id": 454
          },
          {
            "timestamp": "2026-05-28 21:43:50,406",
            "thread_id": "13736",
            "caller": "0x7ffc2ad7ad9e",
            "parentcaller": "0x7ffc2ad7b638",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "RegionSize",
                "value": "0x00130000"
              }
            ],
            "repeated": 0,
            "id": 455
          },
          {
            "timestamp": "2026-05-28 21:43:50,406",
            "thread_id": "13736",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ef8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 456
          },
          {
            "timestamp": "2026-05-28 21:43:50,406",
            "thread_id": "13736",
            "caller": "0x7ffc2ad87786",
            "parentcaller": "0x7ffc2ad85630",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x40000003",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000eec"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00130000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 457
          },
          {
            "timestamp": "2026-05-28 21:43:50,406",
            "thread_id": "13736",
            "caller": "0x7ffc2ad7ad9e",
            "parentcaller": "0x7ffc2ad7bfbf",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "RegionSize",
                "value": "0x00130000"
              }
            ],
            "repeated": 0,
            "id": 458
          },
          {
            "timestamp": "2026-05-28 21:43:50,406",
            "thread_id": "13736",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ef8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 459
          },
          {
            "timestamp": "2026-05-28 21:43:50,406",
            "thread_id": "13736",
            "caller": "0x7ffc2ad87786",
            "parentcaller": "0x7ffc2ad85630",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x40000003",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000eec"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00130000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 460
          },
          {
            "timestamp": "2026-05-28 21:43:50,406",
            "thread_id": "13736",
            "caller": "0x7ffc2ad7ad9e",
            "parentcaller": "0x7ffc2ad7b638",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "RegionSize",
                "value": "0x00130000"
              }
            ],
            "repeated": 0,
            "id": 461
          },
          {
            "timestamp": "2026-05-28 21:43:50,406",
            "thread_id": "13736",
            "caller": "0x7ffc2897515a",
            "parentcaller": "0x7ffc28971038",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "21CBC515-2DDE-4D66-8292-BA34BD25094A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 462
          },
          {
            "timestamp": "2026-05-28 21:43:50,406",
            "thread_id": "5024",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 463
          },
          {
            "timestamp": "2026-05-28 21:43:50,406",
            "thread_id": "6324",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 464
          },
          {
            "timestamp": "2026-05-28 21:43:50,406",
            "thread_id": "6324",
            "caller": "0x7ffc28a89aa2",
            "parentcaller": "0x7ffc28a8ac92",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "C2F03A33-21F5-47FA-B4BB-156362A2F239"
              },
              {
                "name": "ClsContext",
                "value": "0x00000004",
                "pretty_value": "CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "6D5140C1-7436-11CE-8034-00AA006009FA"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 465
          },
          {
            "timestamp": "2026-05-28 21:43:50,406",
            "thread_id": "13736",
            "caller": "0x7ffc2adac5f2",
            "parentcaller": "0x7ffc2ada9666",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000ef4"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000e00"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Windows\\system32\\taskmgr.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\system32\\taskmgr.exe\" /4"
              },
              {
                "name": "DllPath",
                "value": ""
              },
              {
                "name": "ProcessId",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 466
          },
          {
            "timestamp": "2026-05-28 21:43:52,781",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 467
          },
          {
            "timestamp": "2026-05-28 21:43:52,781",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 468
          },
          {
            "timestamp": "2026-05-28 21:43:52,781",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 469
          },
          {
            "timestamp": "2026-05-28 21:43:52,781",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 470
          },
          {
            "timestamp": "2026-05-28 21:43:52,781",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 471
          },
          {
            "timestamp": "2026-05-28 21:43:52,781",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 472
          },
          {
            "timestamp": "2026-05-28 21:43:52,797",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 473
          },
          {
            "timestamp": "2026-05-28 21:43:52,797",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 474
          },
          {
            "timestamp": "2026-05-28 21:43:52,797",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 475
          },
          {
            "timestamp": "2026-05-28 21:43:52,797",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 476
          },
          {
            "timestamp": "2026-05-28 21:43:52,797",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 477
          },
          {
            "timestamp": "2026-05-28 21:43:52,797",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 478
          },
          {
            "timestamp": "2026-05-28 21:43:52,797",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 479
          },
          {
            "timestamp": "2026-05-28 21:43:52,797",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 480
          },
          {
            "timestamp": "2026-05-28 21:43:52,812",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 481
          },
          {
            "timestamp": "2026-05-28 21:43:52,812",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 482
          },
          {
            "timestamp": "2026-05-28 21:43:52,812",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 483
          },
          {
            "timestamp": "2026-05-28 21:43:52,812",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 484
          },
          {
            "timestamp": "2026-05-28 21:43:52,812",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 485
          },
          {
            "timestamp": "2026-05-28 21:43:52,812",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 486
          },
          {
            "timestamp": "2026-05-28 21:43:52,812",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 487
          },
          {
            "timestamp": "2026-05-28 21:43:52,812",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 488
          },
          {
            "timestamp": "2026-05-28 21:43:52,828",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 489
          },
          {
            "timestamp": "2026-05-28 21:43:52,828",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 490
          },
          {
            "timestamp": "2026-05-28 21:43:52,844",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 491
          },
          {
            "timestamp": "2026-05-28 21:43:52,844",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 492
          },
          {
            "timestamp": "2026-05-28 21:43:52,859",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 493
          },
          {
            "timestamp": "2026-05-28 21:43:52,859",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 494
          },
          {
            "timestamp": "2026-05-28 21:43:52,875",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 495
          },
          {
            "timestamp": "2026-05-28 21:43:52,875",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 496
          },
          {
            "timestamp": "2026-05-28 21:43:52,906",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 497
          },
          {
            "timestamp": "2026-05-28 21:43:52,906",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 498
          },
          {
            "timestamp": "2026-05-28 21:43:52,937",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 499
          },
          {
            "timestamp": "2026-05-28 21:43:52,937",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 500
          },
          {
            "timestamp": "2026-05-28 21:43:52,953",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 501
          },
          {
            "timestamp": "2026-05-28 21:43:52,953",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 502
          },
          {
            "timestamp": "2026-05-28 21:43:52,969",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 503
          },
          {
            "timestamp": "2026-05-28 21:43:52,969",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 504
          },
          {
            "timestamp": "2026-05-28 21:43:52,984",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 505
          },
          {
            "timestamp": "2026-05-28 21:43:52,984",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 506
          },
          {
            "timestamp": "2026-05-28 21:43:53,781",
            "thread_id": "13736",
            "caller": "0x7ffc2ada9666",
            "parentcaller": "0x7ffc2d00cec4",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Windows\\system32\\taskmgr.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\system32\\taskmgr.exe\" /4"
              },
              {
                "name": "CreationFlags",
                "value": "0x04080414",
                "pretty_value": "CREATE_SUSPENDED|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT|CREATE_DEFAULT_ERROR_MODE"
              },
              {
                "name": "ProcessId",
                "value": "14276"
              },
              {
                "name": "ThreadId",
                "value": "14212"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x00000ef4"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000e00"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 507
          },
          {
            "timestamp": "2026-05-28 21:43:53,781",
            "thread_id": "13736",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc1786170e",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\sfc_os.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc19490000"
              }
            ],
            "repeated": 0,
            "id": 508
          },
          {
            "timestamp": "2026-05-28 21:43:53,781",
            "thread_id": "13736",
            "caller": "0x7ffc19491284",
            "parentcaller": "0x7ffc1949113e",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000eec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\WinSxS\\FileMaps\\$$_system32_21f9a9c4a2f8b514.cdf-ms"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              }
            ],
            "repeated": 0,
            "id": 509
          },
          {
            "timestamp": "2026-05-28 21:43:53,781",
            "thread_id": "13736",
            "caller": "0x7ffc194913fd",
            "parentcaller": "0x7ffc194912af",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000ee4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df47ca10000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x000b7000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 510
          },
          {
            "timestamp": "2026-05-28 21:43:53,781",
            "thread_id": "13736",
            "caller": "0x7ffc2d0fed8a",
            "parentcaller": "0x7ffc2d11db07",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0cb32000"
              },
              {
                "name": "RegionSize",
                "value": "0x00033000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 511
          },
          {
            "timestamp": "2026-05-28 21:43:53,781",
            "thread_id": "13736",
            "caller": "0x7ffc194914f9",
            "parentcaller": "0x7ffc194911ec",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df47ca10000"
              },
              {
                "name": "RegionSize",
                "value": "0x000b7000"
              }
            ],
            "repeated": 0,
            "id": 512
          },
          {
            "timestamp": "2026-05-28 21:43:55,359",
            "thread_id": "13736",
            "caller": "0x7ffc2adcf430",
            "parentcaller": "0x7ffc28a22a9b",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000e00"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "14212"
              },
              {
                "name": "ProcessId",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 513
          },
          {
            "timestamp": "2026-05-28 21:43:55,359",
            "thread_id": "13736",
            "caller": "0x7ffc2b42f303",
            "parentcaller": "0x7ffc2b42e7f3",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 514
          },
          {
            "timestamp": "2026-05-28 21:43:55,359",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "process",
            "api": "ShellExecuteExW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FilePath",
                "value": "%SystemRoot%\\system32\\taskmgr.exe"
              },
              {
                "name": "Parameters",
                "value": "/4"
              },
              {
                "name": "Show",
                "value": "1",
                "pretty_value": "SW_SHOWNORMAL"
              }
            ],
            "repeated": 0,
            "id": 515
          },
          {
            "timestamp": "2026-05-28 21:44:00,750",
            "thread_id": "3848",
            "caller": "0x7ffc2ad7fcb5",
            "parentcaller": "0x7ffc2adc5984",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000023a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 516
          },
          {
            "timestamp": "2026-05-28 21:44:00,750",
            "thread_id": "3848",
            "caller": "0x7ffc2ad7fcb5",
            "parentcaller": "0x7ffc2adc5984",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000023a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 517
          },
          {
            "timestamp": "2026-05-28 21:44:00,750",
            "thread_id": "3848",
            "caller": "0x7ffc2ad7fcb5",
            "parentcaller": "0x7ffc2adc5984",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000023a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 518
          },
          {
            "timestamp": "2026-05-28 21:44:02,297",
            "thread_id": "5008",
            "caller": "0x7ffc164be757",
            "parentcaller": "0x7ffc1616686e",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 519
          },
          {
            "timestamp": "2026-05-28 21:44:02,297",
            "thread_id": "5008",
            "caller": "0x7ffc2ad7fcb5",
            "parentcaller": "0x7ffc2adc5984",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00002a14"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 520
          },
          {
            "timestamp": "2026-05-28 21:44:02,297",
            "thread_id": "5008",
            "caller": "0x7ffc2ad7fcb5",
            "parentcaller": "0x7ffc2adc5984",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00002a14"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 521
          },
          {
            "timestamp": "2026-05-28 21:44:02,297",
            "thread_id": "5008",
            "caller": "0x7ffc2ad7fcb5",
            "parentcaller": "0x7ffc2adc5984",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00002a14"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 522
          },
          {
            "timestamp": "2026-05-28 21:44:02,297",
            "thread_id": "5008",
            "caller": "0x7ffc18d7c07b",
            "parentcaller": "0x7ffc18d7c564",
            "category": "com",
            "api": "CoCreateInstance",
            "status": false,
            "return": "0xffffffff8001010d",
            "arguments": [
              {
                "name": "rclsid",
                "value": "3480A401-BDE9-4407-BC02-798A866AC051"
              },
              {
                "name": "ClsContext",
                "value": "0x00000004",
                "pretty_value": "CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "0F4ACCB1-D8F9-4011-BA37-2557925A78CF"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 523
          },
          {
            "timestamp": "2026-05-28 21:44:02,297",
            "thread_id": "5008",
            "caller": "0x7ffc18d7c12b",
            "parentcaller": "0x7ffc18d7c564",
            "category": "com",
            "api": "CoCreateInstance",
            "status": false,
            "return": "0xffffffff8001010d",
            "arguments": [
              {
                "name": "rclsid",
                "value": "C2F03A33-21F5-47FA-B4BB-156362A2F239"
              },
              {
                "name": "ClsContext",
                "value": "0x00000004",
                "pretty_value": "CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "6D5140C1-7436-11CE-8034-00AA006009FA"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 524
          },
          {
            "timestamp": "2026-05-28 21:44:02,312",
            "thread_id": "5008",
            "caller": "0x7ffc13d2d59f",
            "parentcaller": "0x7ffc13d6c80c",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00002214"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "\\Device\\Bam"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 525
          },
          {
            "timestamp": "2026-05-28 21:44:02,312",
            "thread_id": "4908",
            "caller": "0x7ff6510eb354",
            "parentcaller": "0x7ff6510eb12e",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 526
          },
          {
            "timestamp": "2026-05-28 21:44:02,312",
            "thread_id": "5008",
            "caller": "0x7ffc13d2d59f",
            "parentcaller": "0x7ffc13d6c80c",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00002764"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "\\Device\\Bam"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 527
          },
          {
            "timestamp": "2026-05-28 21:44:02,312",
            "thread_id": "5008",
            "caller": "0x7ffc13d2e842",
            "parentcaller": "0x7ffc13d2d62c",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000b84"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "\\Device\\Bam"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 528
          },
          {
            "timestamp": "2026-05-28 21:44:02,312",
            "thread_id": "6324",
            "caller": "0x7ff6510aca89",
            "parentcaller": "0x7ff6510ac93f",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ec8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\apppatch\\sysmain.sdb"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 529
          },
          {
            "timestamp": "2026-05-28 21:44:02,312",
            "thread_id": "6324",
            "caller": "0x7ff6510ac67f",
            "parentcaller": "0x7ff6510ac407",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000e44"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df47c6e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x003e3000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 530
          },
          {
            "timestamp": "2026-05-28 21:44:02,312",
            "thread_id": "6324",
            "caller": "0x7ff6510aa878",
            "parentcaller": "0x7ff6510aa7ba",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7df47c6e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x003e3000"
              }
            ],
            "repeated": 0,
            "id": 531
          },
          {
            "timestamp": "2026-05-28 21:44:02,312",
            "thread_id": "5008",
            "caller": "0x7ffc2d00b8ed",
            "parentcaller": "0x7ffc2b165341",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x00000f24",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ffc2b1653d0"
              },
              {
                "name": "Parameter",
                "value": "0x09861b60"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "11008"
              },
              {
                "name": "ProcessId",
                "value": "4248"
              }
            ],
            "repeated": 0,
            "id": 532
          },
          {
            "timestamp": "2026-05-28 21:44:02,312",
            "thread_id": "5008",
            "caller": "0x7ffc2adcf430",
            "parentcaller": "0x7ffc2b165379",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000f24"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "11008"
              },
              {
                "name": "ProcessId",
                "value": "4248"
              }
            ],
            "repeated": 0,
            "id": 533
          },
          {
            "timestamp": "2026-05-28 21:44:02,312",
            "thread_id": "13732",
            "caller": "0x7ff6511a9247",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000f2c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 534
          },
          {
            "timestamp": "2026-05-28 21:44:02,359",
            "thread_id": "5576",
            "caller": "0x7ff6510e99ca",
            "parentcaller": "0x7ff6510ea869",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 535
          },
          {
            "timestamp": "2026-05-28 21:44:02,359",
            "thread_id": "5576",
            "caller": "0x7ff6510ebdd2",
            "parentcaller": "0x7ff6510ea52a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00002214"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 536
          },
          {
            "timestamp": "2026-05-28 21:44:02,359",
            "thread_id": "5576",
            "caller": "0x7ff6510ebdd2",
            "parentcaller": "0x7ff6510ea52a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00002214"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 537
          },
          {
            "timestamp": "2026-05-28 21:44:02,359",
            "thread_id": "5576",
            "caller": "0x7ff6510ebdd2",
            "parentcaller": "0x7ff6510ea52a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00002214"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 538
          },
          {
            "timestamp": "2026-05-28 21:44:02,359",
            "thread_id": "5576",
            "caller": "0x7ff6510ea552",
            "parentcaller": "0x7ff6510e9a4f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 539
          },
          {
            "timestamp": "2026-05-28 21:44:02,359",
            "thread_id": "5576",
            "caller": "0x7ff6510ea552",
            "parentcaller": "0x7ff6510e9a4f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00002214"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 540
          },
          {
            "timestamp": "2026-05-28 21:44:02,359",
            "thread_id": "5576",
            "caller": "0x7ff6510ea552",
            "parentcaller": "0x7ff6510e9a4f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00002214"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 541
          },
          {
            "timestamp": "2026-05-28 21:44:02,359",
            "thread_id": "5576",
            "caller": "0x7ff6510ea552",
            "parentcaller": "0x7ff6510e9a4f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00002214"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 542
          },
          {
            "timestamp": "2026-05-28 21:44:02,359",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510e8f2b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 543
          },
          {
            "timestamp": "2026-05-28 21:44:02,359",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510e8f2b",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 544
          },
          {
            "timestamp": "2026-05-28 21:44:02,359",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 545
          },
          {
            "timestamp": "2026-05-28 21:44:02,359",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 546
          },
          {
            "timestamp": "2026-05-28 21:44:02,359",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510e8f2b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 547
          },
          {
            "timestamp": "2026-05-28 21:44:02,359",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510e8f2b",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 548
          },
          {
            "timestamp": "2026-05-28 21:44:02,375",
            "thread_id": "8752",
            "caller": "0x7ff6510b0b6a",
            "parentcaller": "0x7ff6510b0a51",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "2155FEE3-2419-4373-B102-6843707EB41F"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "F676C15D-596A-4CE2-8234-33996F445DB1"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 549
          },
          {
            "timestamp": "2026-05-28 21:44:02,375",
            "thread_id": "8752",
            "caller": "0x7ff6510b0b6a",
            "parentcaller": "0x7ff6510b0a51",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000035",
            "pretty_return": "OBJECT_NAME_COLLISION",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin"
              },
              {
                "name": "CreateDisposition",
                "value": "2",
                "pretty_value": "FILE_CREATE"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 550
          },
          {
            "timestamp": "2026-05-28 21:44:02,375",
            "thread_id": "8752",
            "caller": "0x7ff6510b0b6a",
            "parentcaller": "0x7ff6510b0a51",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000035",
            "pretty_return": "OBJECT_NAME_COLLISION",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00bc3b20"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local"
              },
              {
                "name": "CreateDisposition",
                "value": "2",
                "pretty_value": "FILE_CREATE"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 551
          },
          {
            "timestamp": "2026-05-28 21:44:02,375",
            "thread_id": "8752",
            "caller": "0x7ff6510b0b6a",
            "parentcaller": "0x7ff6510b0a51",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000035",
            "pretty_return": "OBJECT_NAME_COLLISION",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0320e0e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer"
              },
              {
                "name": "CreateDisposition",
                "value": "2",
                "pretty_value": "FILE_CREATE"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 552
          },
          {
            "timestamp": "2026-05-28 21:44:02,375",
            "thread_id": "8752",
            "caller": "0x7ff6510b0b6a",
            "parentcaller": "0x7ff6510b0a51",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00002764"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 553
          },
          {
            "timestamp": "2026-05-28 21:44:02,375",
            "thread_id": "8752",
            "caller": "0x7ff6510b0b6a",
            "parentcaller": "0x7ff6510b0a51",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00002764"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db"
              },
              {
                "name": "FileInformationClass",
                "value": "74"
              },
              {
                "name": "FileInformation",
                "value": "\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 554
          },
          {
            "timestamp": "2026-05-28 21:44:02,375",
            "thread_id": "8752",
            "caller": "0x7ff6510b0b6a",
            "parentcaller": "0x7ff6510b0a51",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00002214"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00b00000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00d5ee90"
              },
              {
                "name": "ViewSize",
                "value": "0x00008000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 555
          },
          {
            "timestamp": "2026-05-28 21:44:02,375",
            "thread_id": "8752",
            "caller": "0x7ff6510b0b6a",
            "parentcaller": "0x7ff6510b0a51",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00002764"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000026a4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 556
          },
          {
            "timestamp": "2026-05-28 21:44:02,375",
            "thread_id": "8752",
            "caller": "0x7ff6510b0b6a",
            "parentcaller": "0x7ff6510b0a51",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000023ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100000",
                "pretty_value": "SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer"
              },
              {
                "name": "ShareAccess",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 557
          },
          {
            "timestamp": "2026-05-28 21:44:02,375",
            "thread_id": "8752",
            "caller": "0x7ff6510b0b6a",
            "parentcaller": "0x7ff6510b0a51",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000023ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_32.db"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 558
          },
          {
            "timestamp": "2026-05-28 21:44:02,375",
            "thread_id": "8752",
            "caller": "0x7ff6510b0b6a",
            "parentcaller": "0x7ff6510b0a51",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000023ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_32.db"
              },
              {
                "name": "FileInformationClass",
                "value": "74"
              },
              {
                "name": "FileInformation",
                "value": "\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 559
          },
          {
            "timestamp": "2026-05-28 21:44:02,375",
            "thread_id": "8752",
            "caller": "0x7ff6510b0b6a",
            "parentcaller": "0x7ff6510b0a51",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00002214"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x087b0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00d5ee10"
              },
              {
                "name": "ViewSize",
                "value": "0x00100000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 560
          },
          {
            "timestamp": "2026-05-28 21:44:02,375",
            "thread_id": "8752",
            "caller": "0x7ff6510b0b6a",
            "parentcaller": "0x7ff6510b0a51",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000023ac"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000ed0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 561
          },
          {
            "timestamp": "2026-05-28 21:44:02,375",
            "thread_id": "4380",
            "caller": "0x7ff6510e9d10",
            "parentcaller": "0x7ff6510e9c74",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 562
          },
          {
            "timestamp": "2026-05-28 21:44:02,375",
            "thread_id": "4380",
            "caller": "0x7ff6510e9d60",
            "parentcaller": "0x7ff6510e9c74",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 563
          },
          {
            "timestamp": "2026-05-28 21:44:02,375",
            "thread_id": "4380",
            "caller": "0x7ff6510e9d60",
            "parentcaller": "0x7ff6510e9c74",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000023d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 564
          },
          {
            "timestamp": "2026-05-28 21:44:02,375",
            "thread_id": "4380",
            "caller": "0x7ff6510e9d60",
            "parentcaller": "0x7ff6510e9c74",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000023d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 565
          },
          {
            "timestamp": "2026-05-28 21:44:02,375",
            "thread_id": "4380",
            "caller": "0x7ff6510e9d60",
            "parentcaller": "0x7ff6510e9c74",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000023d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 566
          },
          {
            "timestamp": "2026-05-28 21:44:02,375",
            "thread_id": "5708",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b1dfa",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000344-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 567
          },
          {
            "timestamp": "2026-05-28 21:44:02,375",
            "thread_id": "13152",
            "caller": "0x7ffc12d64428",
            "parentcaller": "0x7ffc12d63a03",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F0AE1542-F497-484B-A175-A20DB09144BA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "8DC24A1A-6314-4769-9D68-179786F4CED6"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 568
          },
          {
            "timestamp": "2026-05-28 21:44:02,375",
            "thread_id": "5708",
            "caller": "0x7ffc2ad89dd2",
            "parentcaller": "0x7ffc28969e99",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000035",
            "pretty_return": "OBJECT_NAME_COLLISION",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x4574f454d"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations"
              },
              {
                "name": "CreateDisposition",
                "value": "2",
                "pretty_value": "FILE_CREATE"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 569
          },
          {
            "timestamp": "2026-05-28 21:44:02,375",
            "thread_id": "13152",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc289c58d4",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 570
          },
          {
            "timestamp": "2026-05-28 21:44:02,375",
            "thread_id": "13152",
            "caller": "0x7ffc289c5882",
            "parentcaller": "0x7ffc289c8f55",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4234D49B-0245-4DF3-B780-3893943456E1"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "000214E6-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 571
          },
          {
            "timestamp": "2026-05-28 21:44:02,375",
            "thread_id": "13152",
            "caller": "0x7ffc170a58e1",
            "parentcaller": "0x7ffc170a5ef1",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "02C5CCF3-805F-4654-A7B7-340A74335365"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 572
          },
          {
            "timestamp": "2026-05-28 21:44:02,375",
            "thread_id": "11008",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2c56ef53",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000efc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 573
          },
          {
            "timestamp": "2026-05-28 21:44:02,375",
            "thread_id": "11008",
            "caller": "0x7ffc2ada3013",
            "parentcaller": "0x7ffc13d7672b",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000017b0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\GameDVR\\KnownGameList.bin"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xf0P\\x07\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 574
          },
          {
            "timestamp": "2026-05-28 21:44:02,437",
            "thread_id": "5008",
            "caller": "0x7ffc13d2d59f",
            "parentcaller": "0x7ffc13d6c80c",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000e00"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "\\Device\\Bam"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 575
          },
          {
            "timestamp": "2026-05-28 21:44:02,437",
            "thread_id": "5008",
            "caller": "0x7ffc13d2e842",
            "parentcaller": "0x7ffc13d2d62c",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000028b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "\\Device\\Bam"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 576
          },
          {
            "timestamp": "2026-05-28 21:44:02,547",
            "thread_id": "5460",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 577
          },
          {
            "timestamp": "2026-05-28 21:44:02,547",
            "thread_id": "4908",
            "caller": "0x7ff65108f2e2",
            "parentcaller": "0x7ff65108f1d3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 578
          },
          {
            "timestamp": "2026-05-28 21:44:02,547",
            "thread_id": "4908",
            "caller": "0x7ff65108f2e2",
            "parentcaller": "0x7ff65108f1d3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "C2F03A33-21F5-47FA-B4BB-156362A2F239"
              },
              {
                "name": "ClsContext",
                "value": "0x00000404",
                "pretty_value": "CLSCTX_LOCAL_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "6D5140C1-7436-11CE-8034-00AA006009FA"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 579
          },
          {
            "timestamp": "2026-05-28 21:44:02,703",
            "thread_id": "13748",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2c56ef53",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000b80"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 580
          },
          {
            "timestamp": "2026-05-28 21:44:02,703",
            "thread_id": "13748",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2b426d2f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000028b4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 581
          },
          {
            "timestamp": "2026-05-28 21:44:02,719",
            "thread_id": "11008",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2b426d2f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000023d8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 582
          },
          {
            "timestamp": "2026-05-28 21:44:02,719",
            "thread_id": "6324",
            "caller": "0x7ffc2adbc386",
            "parentcaller": "0x7ffc2adbc232",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000022e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00b60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x02acf3d0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 583
          },
          {
            "timestamp": "2026-05-28 21:44:02,765",
            "thread_id": "5008",
            "caller": "0x7ffc13d2d59f",
            "parentcaller": "0x7ffc13d6c80c",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000dbc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "\\Device\\Bam"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 584
          },
          {
            "timestamp": "2026-05-28 21:44:02,765",
            "thread_id": "13748",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc2b456b6d",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\CapabilityAccessManagerClient"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc0d0a0000"
              }
            ],
            "repeated": 0,
            "id": 585
          },
          {
            "timestamp": "2026-05-28 21:44:02,875",
            "thread_id": "5008",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 586
          },
          {
            "timestamp": "2026-05-28 21:44:02,890",
            "thread_id": "4380",
            "caller": "0x7ff6510e9d10",
            "parentcaller": "0x7ff6510e9c74",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 587
          },
          {
            "timestamp": "2026-05-28 21:44:02,890",
            "thread_id": "4380",
            "caller": "0x7ff6510e9d60",
            "parentcaller": "0x7ff6510e9c74",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 588
          },
          {
            "timestamp": "2026-05-28 21:44:02,890",
            "thread_id": "5008",
            "caller": "0x7ffc13d2d59f",
            "parentcaller": "0x7ffc13d6c80c",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000057c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "\\Device\\Bam"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 589
          },
          {
            "timestamp": "2026-05-28 21:44:02,890",
            "thread_id": "5008",
            "caller": "0x7ffc13d2e842",
            "parentcaller": "0x7ffc13d2d62c",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000025e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "\\Device\\Bam"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 590
          },
          {
            "timestamp": "2026-05-28 21:44:02,890",
            "thread_id": "5008",
            "caller": "0x7ffc2b479794",
            "parentcaller": "0x7ffc2b4b1dfa",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F6C29334-47DC-4397-9150-F549CF1D4861"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 591
          },
          {
            "timestamp": "2026-05-28 21:44:02,890",
            "thread_id": "5008",
            "caller": "0x7ffc2adbc386",
            "parentcaller": "0x7ffc2adbc232",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000022e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00b60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x0790e5e0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 592
          },
          {
            "timestamp": "2026-05-28 21:44:02,890",
            "thread_id": "5008",
            "caller": "0x7ffc2b479794",
            "parentcaller": "0x7ffc259ab1dd",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F6C29334-47DC-4397-9150-F549CF1D4861"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 593
          },
          {
            "timestamp": "2026-05-28 21:44:02,953",
            "thread_id": "13724",
            "caller": "0x7ffc2adbc386",
            "parentcaller": "0x7ffc2adbc232",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000ef8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00b60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x0839f800"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 594
          },
          {
            "timestamp": "2026-05-28 21:44:03,062",
            "thread_id": "4908",
            "caller": "0x7ff6510911b7",
            "parentcaller": "0x7ff6510914a4",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "95B63696-18B6-4D3E-8EC2-CDB4352318EB"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "5FEFBB8E-82C3-4EC4-93A0-05C4B9FCD4CD"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 595
          },
          {
            "timestamp": "2026-05-28 21:44:03,094",
            "thread_id": "5008",
            "caller": "0x7ffc2d0fed8a",
            "parentcaller": "0x7ffc2d11db07",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08daf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 596
          },
          {
            "timestamp": "2026-05-28 21:44:03,328",
            "thread_id": "13748",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc2b456b6d",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\CapabilityAccessManagerClient.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc0d0a0000"
              }
            ],
            "repeated": 0,
            "id": 597
          },
          {
            "timestamp": "2026-05-28 21:44:03,328",
            "thread_id": "13748",
            "caller": "0x7ffc2d0fed8a",
            "parentcaller": "0x7ffc2d11db07",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0e0a5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 598
          },
          {
            "timestamp": "2026-05-28 21:44:03,375",
            "thread_id": "13748",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 599
          },
          {
            "timestamp": "2026-05-28 21:44:06,109",
            "thread_id": "4380",
            "caller": "0x7ff6510e9d10",
            "parentcaller": "0x7ff6510e9c74",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 600
          },
          {
            "timestamp": "2026-05-28 21:44:06,109",
            "thread_id": "4380",
            "caller": "0x7ff6510e9d60",
            "parentcaller": "0x7ff6510e9c74",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 601
          },
          {
            "timestamp": "2026-05-28 21:44:06,125",
            "thread_id": "13732",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2b426d2f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000ee8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 602
          },
          {
            "timestamp": "2026-05-28 21:44:06,140",
            "thread_id": "5008",
            "caller": "0x7ffc13d2d59f",
            "parentcaller": "0x7ffc13d6c80c",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000057c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "\\Device\\Bam"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 603
          },
          {
            "timestamp": "2026-05-28 21:44:06,140",
            "thread_id": "5008",
            "caller": "0x7ffc13d2e842",
            "parentcaller": "0x7ffc13d2d62c",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f18"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "\\Device\\Bam"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 604
          },
          {
            "timestamp": "2026-05-28 21:44:06,172",
            "thread_id": "6324",
            "caller": "0x7ffc2adbc386",
            "parentcaller": "0x7ffc2adbc232",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000022e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00b60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x02acf3d0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 605
          },
          {
            "timestamp": "2026-05-28 21:44:06,219",
            "thread_id": "3132",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2c56ef53",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000a00"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 606
          },
          {
            "timestamp": "2026-05-28 21:44:06,219",
            "thread_id": "5008",
            "caller": "0x7ffc2b479794",
            "parentcaller": "0x7ffc2b4b1dfa",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F6C29334-47DC-4397-9150-F549CF1D4861"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 607
          },
          {
            "timestamp": "2026-05-28 21:44:06,219",
            "thread_id": "5008",
            "caller": "0x7ffc2adbc386",
            "parentcaller": "0x7ffc2adbc232",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000022e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00b60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x0790e5e0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 608
          },
          {
            "timestamp": "2026-05-28 21:44:06,219",
            "thread_id": "5008",
            "caller": "0x7ffc2b479794",
            "parentcaller": "0x7ffc259ab1dd",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F6C29334-47DC-4397-9150-F549CF1D4861"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 609
          },
          {
            "timestamp": "2026-05-28 21:44:07,312",
            "thread_id": "3132",
            "caller": "0x7ffc13d2e842",
            "parentcaller": "0x7ffc2d1616e9",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ef4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "\\Device\\Bam"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 610
          },
          {
            "timestamp": "2026-05-28 21:44:07,859",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 611
          },
          {
            "timestamp": "2026-05-28 21:44:07,859",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 612
          },
          {
            "timestamp": "2026-05-28 21:44:07,859",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 613
          },
          {
            "timestamp": "2026-05-28 21:44:07,859",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 614
          },
          {
            "timestamp": "2026-05-28 21:44:07,890",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 615
          },
          {
            "timestamp": "2026-05-28 21:44:07,890",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 616
          },
          {
            "timestamp": "2026-05-28 21:44:07,906",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 617
          },
          {
            "timestamp": "2026-05-28 21:44:07,906",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 618
          },
          {
            "timestamp": "2026-05-28 21:44:07,922",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 619
          },
          {
            "timestamp": "2026-05-28 21:44:07,922",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 620
          },
          {
            "timestamp": "2026-05-28 21:44:07,937",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 621
          },
          {
            "timestamp": "2026-05-28 21:44:07,937",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 622
          },
          {
            "timestamp": "2026-05-28 21:44:07,953",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 623
          },
          {
            "timestamp": "2026-05-28 21:44:07,953",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 624
          },
          {
            "timestamp": "2026-05-28 21:44:07,969",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 625
          },
          {
            "timestamp": "2026-05-28 21:44:07,969",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 626
          },
          {
            "timestamp": "2026-05-28 21:44:07,984",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 627
          },
          {
            "timestamp": "2026-05-28 21:44:07,984",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 628
          },
          {
            "timestamp": "2026-05-28 21:44:08,000",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 629
          },
          {
            "timestamp": "2026-05-28 21:44:08,000",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 630
          },
          {
            "timestamp": "2026-05-28 21:44:08,015",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 631
          },
          {
            "timestamp": "2026-05-28 21:44:08,015",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 632
          },
          {
            "timestamp": "2026-05-28 21:44:08,031",
            "thread_id": "4908",
            "caller": "0x7ff6510ea06e",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 633
          },
          {
            "timestamp": "2026-05-28 21:44:08,031",
            "thread_id": "4908",
            "caller": "0x7ff6510ea0c1",
            "parentcaller": "0x7ff6510d6f8c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 634
          },
          {
            "timestamp": "2026-05-28 21:44:12,828",
            "thread_id": "5576",
            "caller": "0x7ffc13d2e842",
            "parentcaller": "0x7ffc2d1616e9",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000057c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "\\Device\\Bam"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 635
          },
          {
            "timestamp": "2026-05-28 21:44:16,640",
            "thread_id": "4380",
            "caller": "0x7ff6510e9d10",
            "parentcaller": "0x7ff6510e9c74",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 636
          },
          {
            "timestamp": "2026-05-28 21:44:16,640",
            "thread_id": "4380",
            "caller": "0x7ff6510e9d60",
            "parentcaller": "0x7ff6510e9c74",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 637
          },
          {
            "timestamp": "2026-05-28 21:44:16,640",
            "thread_id": "5008",
            "caller": "0x7ffc13d2d59f",
            "parentcaller": "0x7ffc13d6c80c",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f10"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "\\Device\\Bam"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 638
          },
          {
            "timestamp": "2026-05-28 21:44:16,640",
            "thread_id": "5008",
            "caller": "0x7ffc13d2e842",
            "parentcaller": "0x7ffc13d2d62c",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000025e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "\\Device\\Bam"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 639
          },
          {
            "timestamp": "2026-05-28 21:44:17,078",
            "thread_id": "4380",
            "caller": "0x7ff6510e9d10",
            "parentcaller": "0x7ff6510e9c74",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 640
          },
          {
            "timestamp": "2026-05-28 21:44:17,078",
            "thread_id": "4380",
            "caller": "0x7ff6510e9d60",
            "parentcaller": "0x7ff6510e9c74",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 641
          },
          {
            "timestamp": "2026-05-28 21:44:17,078",
            "thread_id": "5008",
            "caller": "0x7ffc13d2d59f",
            "parentcaller": "0x7ffc13d6c80c",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000a9c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "\\Device\\Bam"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 642
          },
          {
            "timestamp": "2026-05-28 21:44:17,078",
            "thread_id": "5008",
            "caller": "0x7ffc13d2e842",
            "parentcaller": "0x7ffc13d2d62c",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000d80"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "\\Device\\Bam"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 643
          },
          {
            "timestamp": "2026-05-28 21:44:17,094",
            "thread_id": "11008",
            "caller": "0x7ffc2adbc386",
            "parentcaller": "0x7ffc2adbc232",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000be4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00b60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x07a8f970"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 644
          },
          {
            "timestamp": "2026-05-28 21:44:17,109",
            "thread_id": "5008",
            "caller": "0x7ffc2b479794",
            "parentcaller": "0x7ffc2b4b1dfa",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F6C29334-47DC-4397-9150-F549CF1D4861"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 645
          },
          {
            "timestamp": "2026-05-28 21:44:17,109",
            "thread_id": "5008",
            "caller": "0x7ffc2adbc386",
            "parentcaller": "0x7ffc2adbc232",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000057c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00b60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x0790e5e0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 646
          },
          {
            "timestamp": "2026-05-28 21:44:17,109",
            "thread_id": "5008",
            "caller": "0x7ffc2b479794",
            "parentcaller": "0x7ffc259ab1dd",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F6C29334-47DC-4397-9150-F549CF1D4861"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 647
          },
          {
            "timestamp": "2026-05-28 21:44:20,328",
            "thread_id": "5040",
            "caller": "0x7ffc13d2e842",
            "parentcaller": "0x7ffc2d1616e9",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ed4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "\\Device\\Bam"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 648
          },
          {
            "timestamp": "2026-05-28 21:44:20,594",
            "thread_id": "4380",
            "caller": "0x7ff6510e9d10",
            "parentcaller": "0x7ff6510e9c74",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "DE25675A-72DE-44B4-9373-05170450C140"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 649
          },
          {
            "timestamp": "2026-05-28 21:44:20,594",
            "thread_id": "4380",
            "caller": "0x7ff6510e9d60",
            "parentcaller": "0x7ff6510e9c74",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 650
          },
          {
            "timestamp": "2026-05-28 21:44:20,594",
            "thread_id": "5008",
            "caller": "0x7ffc13d2d59f",
            "parentcaller": "0x7ffc13d6c80c",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000edc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "\\Device\\Bam"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 651
          },
          {
            "timestamp": "2026-05-28 21:44:20,594",
            "thread_id": "5008",
            "caller": "0x7ffc13d2e842",
            "parentcaller": "0x7ffc13d2d62c",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f08"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "\\Device\\Bam"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 652
          },
          {
            "timestamp": "2026-05-28 21:44:21,187",
            "thread_id": "4908",
            "caller": "0x7ff65110a1eb",
            "parentcaller": "0x7ff65111ef5d",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ed8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 653
          },
          {
            "timestamp": "2026-05-28 21:44:21,187",
            "thread_id": "4908",
            "caller": "0x7ff65110a1eb",
            "parentcaller": "0x7ff65111ef5d",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000edc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00129000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 654
          },
          {
            "timestamp": "2026-05-28 21:44:21,187",
            "thread_id": "4908",
            "caller": "0x7ff65110a1eb",
            "parentcaller": "0x7ff65111ef5d",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "RegionSize",
                "value": "0x00129000"
              }
            ],
            "repeated": 0,
            "id": 655
          },
          {
            "timestamp": "2026-05-28 21:44:21,187",
            "thread_id": "4908",
            "caller": "0x7ff6510d23a8",
            "parentcaller": "0x7ff6510d2e19",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000edc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 656
          },
          {
            "timestamp": "2026-05-28 21:44:21,187",
            "thread_id": "4908",
            "caller": "0x7ff6510d23a8",
            "parentcaller": "0x7ff6510d2e19",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000f08"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00129000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 657
          },
          {
            "timestamp": "2026-05-28 21:44:21,187",
            "thread_id": "4908",
            "caller": "0x7ff6510d23a8",
            "parentcaller": "0x7ff6510d2e19",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "RegionSize",
                "value": "0x00129000"
              }
            ],
            "repeated": 0,
            "id": 658
          },
          {
            "timestamp": "2026-05-28 21:44:21,203",
            "thread_id": "4908",
            "caller": "0x7ff65110a1eb",
            "parentcaller": "0x7ff65111ef5d",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ed4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 659
          },
          {
            "timestamp": "2026-05-28 21:44:21,203",
            "thread_id": "4908",
            "caller": "0x7ff65110a1eb",
            "parentcaller": "0x7ff65111ef5d",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00002408"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00129000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 660
          },
          {
            "timestamp": "2026-05-28 21:44:21,203",
            "thread_id": "4908",
            "caller": "0x7ff65110a1eb",
            "parentcaller": "0x7ff65111ef5d",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "RegionSize",
                "value": "0x00129000"
              }
            ],
            "repeated": 0,
            "id": 661
          },
          {
            "timestamp": "2026-05-28 21:44:21,203",
            "thread_id": "4908",
            "caller": "0x7ff6510d23a8",
            "parentcaller": "0x7ff6510d2e19",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ed4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 662
          },
          {
            "timestamp": "2026-05-28 21:44:21,203",
            "thread_id": "4908",
            "caller": "0x7ff6510d23a8",
            "parentcaller": "0x7ff6510d2e19",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00002408"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00129000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 663
          },
          {
            "timestamp": "2026-05-28 21:44:21,203",
            "thread_id": "4908",
            "caller": "0x7ff6510d23a8",
            "parentcaller": "0x7ff6510d2e19",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "RegionSize",
                "value": "0x00129000"
              }
            ],
            "repeated": 0,
            "id": 664
          },
          {
            "timestamp": "2026-05-28 21:44:21,203",
            "thread_id": "4908",
            "caller": "0x7ff65110a1eb",
            "parentcaller": "0x7ff65111ef5d",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ed4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 665
          },
          {
            "timestamp": "2026-05-28 21:44:21,203",
            "thread_id": "4908",
            "caller": "0x7ff65110a1eb",
            "parentcaller": "0x7ff65111ef5d",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00002408"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00129000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 666
          },
          {
            "timestamp": "2026-05-28 21:44:21,203",
            "thread_id": "4908",
            "caller": "0x7ff65110a1eb",
            "parentcaller": "0x7ff65111ef5d",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "RegionSize",
                "value": "0x00129000"
              }
            ],
            "repeated": 0,
            "id": 667
          },
          {
            "timestamp": "2026-05-28 21:44:21,203",
            "thread_id": "4908",
            "caller": "0x7ff6510d23a8",
            "parentcaller": "0x7ff6510d2e19",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ed4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 668
          },
          {
            "timestamp": "2026-05-28 21:44:21,203",
            "thread_id": "4908",
            "caller": "0x7ff6510d23a8",
            "parentcaller": "0x7ff6510d2e19",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00002408"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00129000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 669
          },
          {
            "timestamp": "2026-05-28 21:44:21,203",
            "thread_id": "4908",
            "caller": "0x7ff6510d23a8",
            "parentcaller": "0x7ff6510d2e19",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "RegionSize",
                "value": "0x00129000"
              }
            ],
            "repeated": 0,
            "id": 670
          },
          {
            "timestamp": "2026-05-28 21:44:21,203",
            "thread_id": "4908",
            "caller": "0x7ff65110a1eb",
            "parentcaller": "0x7ff65111ef5d",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ed4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 671
          },
          {
            "timestamp": "2026-05-28 21:44:21,203",
            "thread_id": "4908",
            "caller": "0x7ff65110a1eb",
            "parentcaller": "0x7ff65111ef5d",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00002408"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00129000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 672
          },
          {
            "timestamp": "2026-05-28 21:44:21,203",
            "thread_id": "4908",
            "caller": "0x7ff65110a1eb",
            "parentcaller": "0x7ff65111ef5d",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "RegionSize",
                "value": "0x00129000"
              }
            ],
            "repeated": 0,
            "id": 673
          },
          {
            "timestamp": "2026-05-28 21:44:21,203",
            "thread_id": "4908",
            "caller": "0x7ff6510d23a8",
            "parentcaller": "0x7ff6510d2e19",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ed4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 674
          },
          {
            "timestamp": "2026-05-28 21:44:21,203",
            "thread_id": "4908",
            "caller": "0x7ff6510d23a8",
            "parentcaller": "0x7ff6510d2e19",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00002408"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00129000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 675
          },
          {
            "timestamp": "2026-05-28 21:44:21,203",
            "thread_id": "4908",
            "caller": "0x7ff6510d23a8",
            "parentcaller": "0x7ff6510d2e19",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "RegionSize",
                "value": "0x00129000"
              }
            ],
            "repeated": 0,
            "id": 676
          },
          {
            "timestamp": "2026-05-28 21:44:21,203",
            "thread_id": "4908",
            "caller": "0x7ff65110a1eb",
            "parentcaller": "0x7ff65111ef5d",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ed4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 677
          },
          {
            "timestamp": "2026-05-28 21:44:21,203",
            "thread_id": "4908",
            "caller": "0x7ff65110a1eb",
            "parentcaller": "0x7ff65111ef5d",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00002408"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00129000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 678
          },
          {
            "timestamp": "2026-05-28 21:44:21,203",
            "thread_id": "4908",
            "caller": "0x7ff65110a1eb",
            "parentcaller": "0x7ff65111ef5d",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "RegionSize",
                "value": "0x00129000"
              }
            ],
            "repeated": 0,
            "id": 679
          },
          {
            "timestamp": "2026-05-28 21:44:21,203",
            "thread_id": "4908",
            "caller": "0x7ff6510d23a8",
            "parentcaller": "0x7ff6510d2e19",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ed4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 680
          },
          {
            "timestamp": "2026-05-28 21:44:21,203",
            "thread_id": "4908",
            "caller": "0x7ff6510d23a8",
            "parentcaller": "0x7ff6510d2e19",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00002408"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00129000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 681
          },
          {
            "timestamp": "2026-05-28 21:44:21,203",
            "thread_id": "4908",
            "caller": "0x7ff6510d23a8",
            "parentcaller": "0x7ff6510d2e19",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "RegionSize",
                "value": "0x00129000"
              }
            ],
            "repeated": 0,
            "id": 682
          },
          {
            "timestamp": "2026-05-28 21:44:21,234",
            "thread_id": "4908",
            "caller": "0x7ff65110a1eb",
            "parentcaller": "0x7ff65111ef5d",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ed4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 683
          },
          {
            "timestamp": "2026-05-28 21:44:21,234",
            "thread_id": "4908",
            "caller": "0x7ff65110a1eb",
            "parentcaller": "0x7ff65111ef5d",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000edc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00129000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 684
          },
          {
            "timestamp": "2026-05-28 21:44:21,234",
            "thread_id": "4908",
            "caller": "0x7ff65110a1eb",
            "parentcaller": "0x7ff65111ef5d",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "RegionSize",
                "value": "0x00129000"
              }
            ],
            "repeated": 0,
            "id": 685
          },
          {
            "timestamp": "2026-05-28 21:44:21,234",
            "thread_id": "4908",
            "caller": "0x7ff6510d23a8",
            "parentcaller": "0x7ff6510d2e19",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ed4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 686
          },
          {
            "timestamp": "2026-05-28 21:44:21,234",
            "thread_id": "4908",
            "caller": "0x7ff6510d23a8",
            "parentcaller": "0x7ff6510d2e19",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000edc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00129000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 687
          },
          {
            "timestamp": "2026-05-28 21:44:21,234",
            "thread_id": "4908",
            "caller": "0x7ff6510d23a8",
            "parentcaller": "0x7ff6510d2e19",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "RegionSize",
                "value": "0x00129000"
              }
            ],
            "repeated": 0,
            "id": 688
          },
          {
            "timestamp": "2026-05-28 21:44:21,234",
            "thread_id": "4908",
            "caller": "0x7ff65110a1eb",
            "parentcaller": "0x7ff65111ef5d",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ed4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 689
          },
          {
            "timestamp": "2026-05-28 21:44:21,234",
            "thread_id": "4908",
            "caller": "0x7ff65110a1eb",
            "parentcaller": "0x7ff65111ef5d",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000edc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00129000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 690
          },
          {
            "timestamp": "2026-05-28 21:44:21,234",
            "thread_id": "4908",
            "caller": "0x7ff65110a1eb",
            "parentcaller": "0x7ff65111ef5d",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "RegionSize",
                "value": "0x00129000"
              }
            ],
            "repeated": 0,
            "id": 691
          },
          {
            "timestamp": "2026-05-28 21:44:21,234",
            "thread_id": "4908",
            "caller": "0x7ff6510d23a8",
            "parentcaller": "0x7ff6510d2e19",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000edc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 692
          },
          {
            "timestamp": "2026-05-28 21:44:21,234",
            "thread_id": "4908",
            "caller": "0x7ff6510d23a8",
            "parentcaller": "0x7ff6510d2e19",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000f08"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00129000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 693
          },
          {
            "timestamp": "2026-05-28 21:44:21,234",
            "thread_id": "4908",
            "caller": "0x7ff6510d23a8",
            "parentcaller": "0x7ff6510d2e19",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "RegionSize",
                "value": "0x00129000"
              }
            ],
            "repeated": 0,
            "id": 694
          },
          {
            "timestamp": "2026-05-28 21:44:21,297",
            "thread_id": "4908",
            "caller": "0x7ff65110a1eb",
            "parentcaller": "0x7ff65111ef5d",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000edc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 695
          },
          {
            "timestamp": "2026-05-28 21:44:21,297",
            "thread_id": "4908",
            "caller": "0x7ff65110a1eb",
            "parentcaller": "0x7ff65111ef5d",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000f08"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00129000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 696
          },
          {
            "timestamp": "2026-05-28 21:44:21,297",
            "thread_id": "4908",
            "caller": "0x7ff65110a1eb",
            "parentcaller": "0x7ff65111ef5d",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "RegionSize",
                "value": "0x00129000"
              }
            ],
            "repeated": 0,
            "id": 697
          },
          {
            "timestamp": "2026-05-28 21:44:21,297",
            "thread_id": "4908",
            "caller": "0x7ff6510d23a8",
            "parentcaller": "0x7ff6510d2e19",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000eb8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 698
          },
          {
            "timestamp": "2026-05-28 21:44:21,297",
            "thread_id": "4908",
            "caller": "0x7ff6510d23a8",
            "parentcaller": "0x7ff6510d2e19",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000ec4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00129000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 699
          },
          {
            "timestamp": "2026-05-28 21:44:21,297",
            "thread_id": "4908",
            "caller": "0x7ff6510d23a8",
            "parentcaller": "0x7ff6510d2e19",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "RegionSize",
                "value": "0x00129000"
              }
            ],
            "repeated": 0,
            "id": 700
          },
          {
            "timestamp": "2026-05-28 21:44:21,297",
            "thread_id": "4908",
            "caller": "0x7ff65110a1eb",
            "parentcaller": "0x7ff65111ef5d",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000eb8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 701
          },
          {
            "timestamp": "2026-05-28 21:44:21,297",
            "thread_id": "4908",
            "caller": "0x7ff65110a1eb",
            "parentcaller": "0x7ff65111ef5d",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000ec4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00129000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 702
          },
          {
            "timestamp": "2026-05-28 21:44:21,297",
            "thread_id": "4908",
            "caller": "0x7ff65110a1eb",
            "parentcaller": "0x7ff65111ef5d",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "RegionSize",
                "value": "0x00129000"
              }
            ],
            "repeated": 0,
            "id": 703
          },
          {
            "timestamp": "2026-05-28 21:44:21,297",
            "thread_id": "4908",
            "caller": "0x7ff6510d23a8",
            "parentcaller": "0x7ff6510d2e19",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000eb8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 704
          },
          {
            "timestamp": "2026-05-28 21:44:21,297",
            "thread_id": "4908",
            "caller": "0x7ff6510d23a8",
            "parentcaller": "0x7ff6510d2e19",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000ec4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00129000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 705
          },
          {
            "timestamp": "2026-05-28 21:44:21,297",
            "thread_id": "4908",
            "caller": "0x7ff6510d23a8",
            "parentcaller": "0x7ff6510d2e19",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "RegionSize",
                "value": "0x00129000"
              }
            ],
            "repeated": 0,
            "id": 706
          },
          {
            "timestamp": "2026-05-28 21:44:21,297",
            "thread_id": "4908",
            "caller": "0x7ff65110a1eb",
            "parentcaller": "0x7ff65111ef5d",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000eb8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 707
          },
          {
            "timestamp": "2026-05-28 21:44:21,297",
            "thread_id": "4908",
            "caller": "0x7ff65110a1eb",
            "parentcaller": "0x7ff65111ef5d",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000ec4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00129000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 708
          },
          {
            "timestamp": "2026-05-28 21:44:21,297",
            "thread_id": "4908",
            "caller": "0x7ff65110a1eb",
            "parentcaller": "0x7ff65111ef5d",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "RegionSize",
                "value": "0x00129000"
              }
            ],
            "repeated": 0,
            "id": 709
          },
          {
            "timestamp": "2026-05-28 21:44:21,297",
            "thread_id": "4908",
            "caller": "0x7ff6510d23a8",
            "parentcaller": "0x7ff6510d2e19",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000eb8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 710
          },
          {
            "timestamp": "2026-05-28 21:44:21,297",
            "thread_id": "4908",
            "caller": "0x7ff6510d23a8",
            "parentcaller": "0x7ff6510d2e19",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000ec4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00129000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 711
          },
          {
            "timestamp": "2026-05-28 21:44:21,297",
            "thread_id": "4908",
            "caller": "0x7ff6510d23a8",
            "parentcaller": "0x7ff6510d2e19",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "RegionSize",
                "value": "0x00129000"
              }
            ],
            "repeated": 0,
            "id": 712
          },
          {
            "timestamp": "2026-05-28 21:44:21,297",
            "thread_id": "4908",
            "caller": "0x7ff65110a1eb",
            "parentcaller": "0x7ff65111ef5d",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000edc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 713
          },
          {
            "timestamp": "2026-05-28 21:44:21,297",
            "thread_id": "4908",
            "caller": "0x7ff65110a1eb",
            "parentcaller": "0x7ff65111ef5d",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000f08"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00129000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 714
          },
          {
            "timestamp": "2026-05-28 21:44:21,297",
            "thread_id": "4908",
            "caller": "0x7ff65110a1eb",
            "parentcaller": "0x7ff65111ef5d",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "RegionSize",
                "value": "0x00129000"
              }
            ],
            "repeated": 0,
            "id": 715
          },
          {
            "timestamp": "2026-05-28 21:44:21,297",
            "thread_id": "4908",
            "caller": "0x7ff6510d23a8",
            "parentcaller": "0x7ff6510d2e19",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000eb8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 716
          },
          {
            "timestamp": "2026-05-28 21:44:21,297",
            "thread_id": "4908",
            "caller": "0x7ff6510d23a8",
            "parentcaller": "0x7ff6510d2e19",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000ec4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00129000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 717
          },
          {
            "timestamp": "2026-05-28 21:44:21,297",
            "thread_id": "4908",
            "caller": "0x7ff6510d23a8",
            "parentcaller": "0x7ff6510d2e19",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "RegionSize",
                "value": "0x00129000"
              }
            ],
            "repeated": 0,
            "id": 718
          },
          {
            "timestamp": "2026-05-28 21:44:21,312",
            "thread_id": "4908",
            "caller": "0x7ff65110a1eb",
            "parentcaller": "0x7ff65111ef5d",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000eb8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 719
          },
          {
            "timestamp": "2026-05-28 21:44:21,312",
            "thread_id": "4908",
            "caller": "0x7ff65110a1eb",
            "parentcaller": "0x7ff65111ef5d",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000ec4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00129000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 720
          },
          {
            "timestamp": "2026-05-28 21:44:21,312",
            "thread_id": "4908",
            "caller": "0x7ff65110a1eb",
            "parentcaller": "0x7ff65111ef5d",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "RegionSize",
                "value": "0x00129000"
              }
            ],
            "repeated": 0,
            "id": 721
          },
          {
            "timestamp": "2026-05-28 21:44:21,312",
            "thread_id": "4908",
            "caller": "0x7ff6510d23a8",
            "parentcaller": "0x7ff6510d2e19",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000eb8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 722
          },
          {
            "timestamp": "2026-05-28 21:44:21,312",
            "thread_id": "4908",
            "caller": "0x7ff6510d23a8",
            "parentcaller": "0x7ff6510d2e19",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000ec4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00129000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 723
          },
          {
            "timestamp": "2026-05-28 21:44:21,312",
            "thread_id": "4908",
            "caller": "0x7ff6510d23a8",
            "parentcaller": "0x7ff6510d2e19",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "RegionSize",
                "value": "0x00129000"
              }
            ],
            "repeated": 0,
            "id": 724
          },
          {
            "timestamp": "2026-05-28 21:44:21,312",
            "thread_id": "4908",
            "caller": "0x7ff65110a1eb",
            "parentcaller": "0x7ff65111ef5d",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000eb8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 725
          },
          {
            "timestamp": "2026-05-28 21:44:21,312",
            "thread_id": "4908",
            "caller": "0x7ff65110a1eb",
            "parentcaller": "0x7ff65111ef5d",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000ec4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00129000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 726
          },
          {
            "timestamp": "2026-05-28 21:44:21,312",
            "thread_id": "4908",
            "caller": "0x7ff65110a1eb",
            "parentcaller": "0x7ff65111ef5d",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "RegionSize",
                "value": "0x00129000"
              }
            ],
            "repeated": 0,
            "id": 727
          },
          {
            "timestamp": "2026-05-28 21:44:21,312",
            "thread_id": "4908",
            "caller": "0x7ff6510d23a8",
            "parentcaller": "0x7ff6510d2e19",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000eb8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 728
          },
          {
            "timestamp": "2026-05-28 21:44:21,312",
            "thread_id": "4908",
            "caller": "0x7ff6510d23a8",
            "parentcaller": "0x7ff6510d2e19",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000ec4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00129000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 729
          },
          {
            "timestamp": "2026-05-28 21:44:21,312",
            "thread_id": "4908",
            "caller": "0x7ff6510d23a8",
            "parentcaller": "0x7ff6510d2e19",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x11350000"
              },
              {
                "name": "RegionSize",
                "value": "0x00129000"
              }
            ],
            "repeated": 0,
            "id": 730
          },
          {
            "timestamp": "2026-05-28 21:44:21,312",
            "thread_id": "4908",
            "caller": "0x7ff6510ec21a",
            "parentcaller": "0x7ff6510d2b6f",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "21CBC515-2DDE-4D66-8292-BA34BD25094A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 731
          },
          {
            "timestamp": "2026-05-28 21:44:21,312",
            "thread_id": "4908",
            "caller": "0x7ff6510ec285",
            "parentcaller": "0x7ff6510d2b6f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 732
          },
          {
            "timestamp": "2026-05-28 21:44:21,312",
            "thread_id": "4908",
            "caller": "0x7ff6510ec285",
            "parentcaller": "0x7ff6510d2b6f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000eb8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 733
          },
          {
            "timestamp": "2026-05-28 21:44:21,312",
            "thread_id": "4908",
            "caller": "0x7ff6510ec285",
            "parentcaller": "0x7ff6510d2b6f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000eb8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 734
          },
          {
            "timestamp": "2026-05-28 21:44:21,312",
            "thread_id": "4908",
            "caller": "0x7ff6510ec285",
            "parentcaller": "0x7ff6510d2b6f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000eb8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 735
          },
          {
            "timestamp": "2026-05-28 21:44:21,312",
            "thread_id": "4908",
            "caller": "0x7ff651111e2d",
            "parentcaller": "0x7ff6510cc798",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc297d0000"
              }
            ],
            "repeated": 1,
            "id": 736
          },
          {
            "timestamp": "2026-05-28 21:44:21,312",
            "thread_id": "4908",
            "caller": "0x7ff6510cdd72",
            "parentcaller": "0x7ff6510cc5b7",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ec4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 737
          },
          {
            "timestamp": "2026-05-28 21:44:21,312",
            "thread_id": "4908",
            "caller": "0x7ff6510cdd72",
            "parentcaller": "0x7ff6510cc5b7",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ec4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 738
          },
          {
            "timestamp": "2026-05-28 21:44:21,312",
            "thread_id": "4908",
            "caller": "0x7ff6510cdd72",
            "parentcaller": "0x7ff6510cc5b7",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ec4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 739
          }
        ],
        "threads": [
          "4908",
          "5008",
          "3848",
          "5576",
          "276",
          "5616",
          "4148",
          "4232",
          "5708",
          "3312",
          "5284",
          "5040",
          "3636",
          "1492",
          "5024",
          "4924",
          "4984",
          "5460",
          "12156",
          "8752",
          "6324",
          "13152",
          "7868",
          "13724",
          "13736",
          "13732",
          "4380",
          "11008",
          "13748",
          "3132"
        ],
        "environ": {
          "UserName": "admin",
          "ComputerName": "JOHNS-PC",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Users\\admin\\AppData\\Local\\Temp\\",
          "CommandLine": "C:\\Windows\\Explorer.EXE",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "12bc-0026",
          "SystemVolumeGUID": "528c102f-0000-0000-0000-300300000000",
          "MachineGUID": "",
          "MainExeBase": "0x7ff651080000",
          "MainExeSize": "0x00546000",
          "Bitness": "64-bit"
        },
        "file_activities": {
          "read_files": [],
          "write_files": [],
          "delete_files": []
        }
      },
      {
        "process_id": 2072,
        "process_name": "chrome.exe",
        "parent_id": 4248,
        "module_path": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
        "first_seen": "2026-05-28 21:41:40,943",
        "calls": [
          {
            "timestamp": "2026-05-28 21:41:41,006",
            "thread_id": "1884",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\bcryptprimitives"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2b0c0000"
              }
            ],
            "repeated": 0,
            "id": 0
          },
          {
            "timestamp": "2026-05-28 21:41:41,006",
            "thread_id": "1884",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 1
          },
          {
            "timestamp": "2026-05-28 21:41:41,021",
            "thread_id": "1884",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\ntmarta"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc298f0000"
              }
            ],
            "repeated": 0,
            "id": 2
          },
          {
            "timestamp": "2026-05-28 21:41:41,037",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000027c"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000278"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --type=crashpad-handler \"--user-data-dir=C:\\Users\\admin\\AppData\\Local\\Google\\Chrome\\User Data\" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler \"--database=C:\\Users\\admin\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\" \"--metrics-dir=C:\\Users\\admin\\AppData\\Local\\Google\\Chrome\\User Data\" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=148.0.7778.217 --initial-client-data=0x268,0x26c,0x270,0x24c,0x274,0x7ffc136be9c0,0x7ffc136be9cc,0x7ffc136be9d8"
              },
              {
                "name": "DllPath",
                "value": ""
              },
              {
                "name": "ProcessId",
                "value": "1264"
              }
            ],
            "repeated": 0,
            "id": 3
          },
          {
            "timestamp": "2026-05-28 21:41:41,037",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 1,
            "id": 4
          },
          {
            "timestamp": "2026-05-28 21:41:41,037",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\Wldp"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a140000"
              }
            ],
            "repeated": 0,
            "id": 5
          },
          {
            "timestamp": "2026-05-28 21:41:41,037",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\windows.storage"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc288b0000"
              }
            ],
            "repeated": 0,
            "id": 6
          },
          {
            "timestamp": "2026-05-28 21:41:41,053",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 1,
            "id": 7
          },
          {
            "timestamp": "2026-05-28 21:41:41,068",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --type=crashpad-handler \"--user-data-dir=C:\\Users\\admin\\AppData\\Local\\Google\\Chrome\\User Data\" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler \"--database=C:\\Users\\admin\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\" \"--metrics-dir=C:\\Users\\admin\\AppData\\Local\\Google\\Chrome\\User Data\" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=148.0.7778.217 --initial-client-data=0x268,0x26c,0x270,0x24c,0x274,0x7ffc136be9c0,0x7ffc136be9cc,0x7ffc136be9d8"
              },
              {
                "name": "CreationFlags",
                "value": "0x00080000",
                "pretty_value": "EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "1264"
              },
              {
                "name": "ThreadId",
                "value": "1260"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x0000027c"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000278"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8
          },
          {
            "timestamp": "2026-05-28 21:41:41,115",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": false,
            "return": "0x40000003",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 9
          },
          {
            "timestamp": "2026-05-28 21:41:41,225",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 3,
            "id": 10
          },
          {
            "timestamp": "2026-05-28 21:41:41,240",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\WINMM"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc15250000"
              }
            ],
            "repeated": 0,
            "id": 11
          },
          {
            "timestamp": "2026-05-28 21:41:41,240",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\DWrite"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc1e180000"
              }
            ],
            "repeated": 0,
            "id": 12
          },
          {
            "timestamp": "2026-05-28 21:41:41,240",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\DPAPI"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a4f0000"
              }
            ],
            "repeated": 0,
            "id": 13
          },
          {
            "timestamp": "2026-05-28 21:41:41,240",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome"
              },
              {
                "name": "DllBase",
                "value": "0x7ffbd4d10000"
              }
            ],
            "repeated": 0,
            "id": 14
          },
          {
            "timestamp": "2026-05-28 21:41:41,256",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 1,
            "id": 15
          },
          {
            "timestamp": "2026-05-28 21:41:41,256",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\KBDUS"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc17fd0000"
              }
            ],
            "repeated": 0,
            "id": 16
          },
          {
            "timestamp": "2026-05-28 21:41:41,256",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\KBDUS"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc17fd0000"
              }
            ],
            "repeated": 0,
            "id": 17
          },
          {
            "timestamp": "2026-05-28 21:41:41,256",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 1,
            "id": 18
          },
          {
            "timestamp": "2026-05-28 21:41:41,271",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\uxtheme"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc28160000"
              }
            ],
            "repeated": 0,
            "id": 19
          },
          {
            "timestamp": "2026-05-28 21:41:41,271",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 20
          },
          {
            "timestamp": "2026-05-28 21:41:41,271",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\USERENV"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a6c0000"
              }
            ],
            "repeated": 0,
            "id": 21
          },
          {
            "timestamp": "2026-05-28 21:41:41,271",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 22
          },
          {
            "timestamp": "2026-05-28 21:41:41,287",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\gpapi"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc29060000"
              }
            ],
            "repeated": 0,
            "id": 23
          },
          {
            "timestamp": "2026-05-28 21:41:41,287",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 24
          },
          {
            "timestamp": "2026-05-28 21:41:41,287",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\wkscli"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc29930000"
              }
            ],
            "repeated": 0,
            "id": 25
          },
          {
            "timestamp": "2026-05-28 21:41:41,287",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 26
          },
          {
            "timestamp": "2026-05-28 21:41:41,287",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\netutils"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc29ca0000"
              }
            ],
            "repeated": 0,
            "id": 27
          },
          {
            "timestamp": "2026-05-28 21:41:41,303",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 1,
            "id": 28
          },
          {
            "timestamp": "2026-05-28 21:41:41,303",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\netapi32"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc17770000"
              }
            ],
            "repeated": 0,
            "id": 29
          },
          {
            "timestamp": "2026-05-28 21:41:41,303",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 2,
            "id": 30
          },
          {
            "timestamp": "2026-05-28 21:41:41,318",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\msvcp110_win"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc29860000"
              }
            ],
            "repeated": 0,
            "id": 31
          },
          {
            "timestamp": "2026-05-28 21:41:41,318",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\cryptsp"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a090000"
              }
            ],
            "repeated": 0,
            "id": 32
          },
          {
            "timestamp": "2026-05-28 21:41:41,318",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\DSREG"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc27830000"
              }
            ],
            "repeated": 0,
            "id": 33
          },
          {
            "timestamp": "2026-05-28 21:41:41,334",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 34
          },
          {
            "timestamp": "2026-05-28 21:41:41,334",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\profapi"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a700000"
              }
            ],
            "repeated": 0,
            "id": 35
          },
          {
            "timestamp": "2026-05-28 21:41:41,334",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\netapi32"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc17770000"
              }
            ],
            "repeated": 0,
            "id": 36
          },
          {
            "timestamp": "2026-05-28 21:41:41,334",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\DSREG"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc27830000"
              }
            ],
            "repeated": 0,
            "id": 37
          },
          {
            "timestamp": "2026-05-28 21:41:41,334",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\msvcp110_win"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc29860000"
              }
            ],
            "repeated": 0,
            "id": 38
          },
          {
            "timestamp": "2026-05-28 21:41:41,334",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\cryptsp"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a090000"
              }
            ],
            "repeated": 0,
            "id": 39
          },
          {
            "timestamp": "2026-05-28 21:41:41,350",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 4,
            "id": 40
          },
          {
            "timestamp": "2026-05-28 21:41:41,381",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\MSCTF"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2b280000"
              }
            ],
            "repeated": 0,
            "id": 41
          },
          {
            "timestamp": "2026-05-28 21:41:41,381",
            "thread_id": "1188",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1188"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 42
          },
          {
            "timestamp": "2026-05-28 21:41:41,381",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 43
          },
          {
            "timestamp": "2026-05-28 21:41:41,381",
            "thread_id": "5348",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5348"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 44
          },
          {
            "timestamp": "2026-05-28 21:41:41,381",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\powrprof"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a630000"
              }
            ],
            "repeated": 0,
            "id": 45
          },
          {
            "timestamp": "2026-05-28 21:41:41,396",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 46
          },
          {
            "timestamp": "2026-05-28 21:41:41,396",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\UMPDC"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a560000"
              }
            ],
            "repeated": 0,
            "id": 47
          },
          {
            "timestamp": "2026-05-28 21:41:41,396",
            "thread_id": "1188",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1188"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 48
          },
          {
            "timestamp": "2026-05-28 21:41:41,396",
            "thread_id": "1188",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\kernel.appcore"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc286b0000"
              }
            ],
            "repeated": 0,
            "id": 49
          },
          {
            "timestamp": "2026-05-28 21:41:41,396",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 4,
            "id": 50
          },
          {
            "timestamp": "2026-05-28 21:41:41,428",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.3636_none_60b6a03d71f818d5\\COMCTL32"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc171f0000"
              }
            ],
            "repeated": 0,
            "id": 51
          },
          {
            "timestamp": "2026-05-28 21:41:41,428",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 2,
            "id": 52
          },
          {
            "timestamp": "2026-05-28 21:41:41,443",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\IPHLPAPI"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc29b90000"
              }
            ],
            "repeated": 0,
            "id": 53
          },
          {
            "timestamp": "2026-05-28 21:41:41,443",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\NLAapi"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc26180000"
              }
            ],
            "repeated": 0,
            "id": 54
          },
          {
            "timestamp": "2026-05-28 21:41:41,443",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 55
          },
          {
            "timestamp": "2026-05-28 21:41:41,459",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\NSI"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2c7b0000"
              }
            ],
            "repeated": 0,
            "id": 56
          },
          {
            "timestamp": "2026-05-28 21:41:41,459",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 57
          },
          {
            "timestamp": "2026-05-28 21:41:41,459",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\dhcpcsvc6"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc232d0000"
              }
            ],
            "repeated": 0,
            "id": 58
          },
          {
            "timestamp": "2026-05-28 21:41:41,459",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 59
          },
          {
            "timestamp": "2026-05-28 21:41:41,459",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\dhcpcsvc"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc232b0000"
              }
            ],
            "repeated": 0,
            "id": 60
          },
          {
            "timestamp": "2026-05-28 21:41:41,459",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 61
          },
          {
            "timestamp": "2026-05-28 21:41:41,475",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\DNSAPI"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc29bd0000"
              }
            ],
            "repeated": 0,
            "id": 62
          },
          {
            "timestamp": "2026-05-28 21:41:41,475",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 4,
            "id": 63
          },
          {
            "timestamp": "2026-05-28 21:41:41,490",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\clbcatq"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2c9c0000"
              }
            ],
            "repeated": 0,
            "id": 64
          },
          {
            "timestamp": "2026-05-28 21:41:41,506",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 5,
            "id": 65
          },
          {
            "timestamp": "2026-05-28 21:41:41,537",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\CoreMessaging"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc27dc0000"
              }
            ],
            "repeated": 0,
            "id": 66
          },
          {
            "timestamp": "2026-05-28 21:41:41,537",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\wintypes"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc26fe0000"
              }
            ],
            "repeated": 0,
            "id": 67
          },
          {
            "timestamp": "2026-05-28 21:41:41,537",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\CoreUIComponents"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc27980000"
              }
            ],
            "repeated": 0,
            "id": 68
          },
          {
            "timestamp": "2026-05-28 21:41:41,537",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\textinputframework"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc1fa90000"
              }
            ],
            "repeated": 0,
            "id": 69
          },
          {
            "timestamp": "2026-05-28 21:41:41,537",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 70
          },
          {
            "timestamp": "2026-05-28 21:41:41,537",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\twinapi.appcore"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc25980000"
              }
            ],
            "repeated": 0,
            "id": 71
          },
          {
            "timestamp": "2026-05-28 21:41:41,537",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 72
          },
          {
            "timestamp": "2026-05-28 21:41:41,553",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\twinapi"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc17530000"
              }
            ],
            "repeated": 0,
            "id": 73
          },
          {
            "timestamp": "2026-05-28 21:41:41,553",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 8,
            "id": 74
          },
          {
            "timestamp": "2026-05-28 21:41:41,600",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\WindowManagementAPI"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc25b90000"
              }
            ],
            "repeated": 0,
            "id": 75
          },
          {
            "timestamp": "2026-05-28 21:41:41,600",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\PROPSYS"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc27140000"
              }
            ],
            "repeated": 0,
            "id": 76
          },
          {
            "timestamp": "2026-05-28 21:41:41,600",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\InputHost"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc1f650000"
              }
            ],
            "repeated": 0,
            "id": 77
          },
          {
            "timestamp": "2026-05-28 21:41:41,600",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\Windows.UI"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc1fb90000"
              }
            ],
            "repeated": 0,
            "id": 78
          },
          {
            "timestamp": "2026-05-28 21:41:41,600",
            "thread_id": "5348",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5348"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 79
          },
          {
            "timestamp": "2026-05-28 21:41:41,600",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 80
          },
          {
            "timestamp": "2026-05-28 21:41:41,615",
            "thread_id": "5348",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5348"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 81
          },
          {
            "timestamp": "2026-05-28 21:41:41,615",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 82
          },
          {
            "timestamp": "2026-05-28 21:41:41,615",
            "thread_id": "5348",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\msvcp110_win"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc29860000"
              }
            ],
            "repeated": 0,
            "id": 83
          },
          {
            "timestamp": "2026-05-28 21:41:41,615",
            "thread_id": "5348",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\MDMRegistration"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc20270000"
              }
            ],
            "repeated": 0,
            "id": 84
          },
          {
            "timestamp": "2026-05-28 21:41:41,615",
            "thread_id": "428",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "428"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 85
          },
          {
            "timestamp": "2026-05-28 21:41:41,615",
            "thread_id": "428",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\WTSAPI32"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc27460000"
              }
            ],
            "repeated": 0,
            "id": 86
          },
          {
            "timestamp": "2026-05-28 21:41:41,631",
            "thread_id": "428",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "428"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 87
          },
          {
            "timestamp": "2026-05-28 21:41:41,631",
            "thread_id": "428",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\WINSTA"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a500000"
              }
            ],
            "repeated": 0,
            "id": 88
          },
          {
            "timestamp": "2026-05-28 21:41:41,631",
            "thread_id": "2144",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2144"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 1,
            "id": 89
          },
          {
            "timestamp": "2026-05-28 21:41:41,646",
            "thread_id": "2144",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\ColorAdapterClient"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc257d0000"
              }
            ],
            "repeated": 0,
            "id": 90
          },
          {
            "timestamp": "2026-05-28 21:41:41,646",
            "thread_id": "2144",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\mscms"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc257f0000"
              }
            ],
            "repeated": 0,
            "id": 91
          },
          {
            "timestamp": "2026-05-28 21:41:41,662",
            "thread_id": "2144",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2144"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 92
          },
          {
            "timestamp": "2026-05-28 21:41:41,662",
            "thread_id": "5172",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5172"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 93
          },
          {
            "timestamp": "2026-05-28 21:41:41,662",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 94
          },
          {
            "timestamp": "2026-05-28 21:41:41,662",
            "thread_id": "2236",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2236"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 95
          },
          {
            "timestamp": "2026-05-28 21:41:41,678",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 96
          },
          {
            "timestamp": "2026-05-28 21:41:41,678",
            "thread_id": "5172",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5172"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 97
          },
          {
            "timestamp": "2026-05-28 21:41:41,678",
            "thread_id": "2236",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2236"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 98
          },
          {
            "timestamp": "2026-05-28 21:41:41,678",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 99
          },
          {
            "timestamp": "2026-05-28 21:41:41,678",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\cfgmgr32"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2acd0000"
              }
            ],
            "repeated": 0,
            "id": 100
          },
          {
            "timestamp": "2026-05-28 21:41:41,678",
            "thread_id": "2236",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2236"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 101
          },
          {
            "timestamp": "2026-05-28 21:41:41,678",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\DEVOBJ"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a490000"
              }
            ],
            "repeated": 0,
            "id": 102
          },
          {
            "timestamp": "2026-05-28 21:41:41,678",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\MMDevApi"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc23860000"
              }
            ],
            "repeated": 0,
            "id": 103
          },
          {
            "timestamp": "2026-05-28 21:41:41,693",
            "thread_id": "5348",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5348"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 104
          },
          {
            "timestamp": "2026-05-28 21:41:41,693",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 105
          },
          {
            "timestamp": "2026-05-28 21:41:41,693",
            "thread_id": "2236",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2236"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 106
          },
          {
            "timestamp": "2026-05-28 21:41:41,693",
            "thread_id": "5348",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5348"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 107
          },
          {
            "timestamp": "2026-05-28 21:41:41,709",
            "thread_id": "5172",
            "caller": "0x7ffc2adac5f2",
            "parentcaller": "0x7ffc2ada9666",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000888"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000884"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --metrics-shmem-handle=2124,i,8991922744502408939,12035519159370364964,524288 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708989122997041 --mojo-platform-channel-handle=2168 /prefetch:3"
              },
              {
                "name": "DllPath",
                "value": ""
              },
              {
                "name": "ProcessId",
                "value": "4360"
              }
            ],
            "repeated": 0,
            "id": 108
          },
          {
            "timestamp": "2026-05-28 21:41:41,709",
            "thread_id": "1880",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000089c"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000898"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --type=gpu-process --no-pre-read-main-dll --gpu-preferences=SAAAAAAAAADgAAAEAAAAAAAAAAAAAGAAAQAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAQAAAAAAAAABAAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --metrics-shmem-handle=1760,i,13651363605794111286,5121436129363740046,262144 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708988185955192 --mojo-platform-channel-handle=1980 /prefetch:2"
              },
              {
                "name": "DllPath",
                "value": ""
              },
              {
                "name": "ProcessId",
                "value": "3136"
              }
            ],
            "repeated": 0,
            "id": 109
          },
          {
            "timestamp": "2026-05-28 21:41:41,709",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 110
          },
          {
            "timestamp": "2026-05-28 21:41:41,725",
            "thread_id": "2236",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2236"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 111
          },
          {
            "timestamp": "2026-05-28 21:41:41,725",
            "thread_id": "5348",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5348"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 112
          },
          {
            "timestamp": "2026-05-28 21:41:41,725",
            "thread_id": "5172",
            "caller": "0x7ffc2adac5f2",
            "parentcaller": "0x7ffc2ada9666",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5172"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 113
          },
          {
            "timestamp": "2026-05-28 21:41:41,740",
            "thread_id": "1880",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1880"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 114
          },
          {
            "timestamp": "2026-05-28 21:41:41,740",
            "thread_id": "5348",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5348"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 115
          },
          {
            "timestamp": "2026-05-28 21:41:41,740",
            "thread_id": "5172",
            "caller": "0x7ffc2ada9666",
            "parentcaller": "0x7ffc2d00cec4",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": ""
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --metrics-shmem-handle=2124,i,8991922744502408939,12035519159370364964,524288 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708989122997041 --mojo-platform-channel-handle=2168 /prefetch:3"
              },
              {
                "name": "CreationFlags",
                "value": "0x00080000",
                "pretty_value": "EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "4360"
              },
              {
                "name": "ThreadId",
                "value": "5420"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x00000888"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000884"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 116
          },
          {
            "timestamp": "2026-05-28 21:41:41,740",
            "thread_id": "5348",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5348"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 117
          },
          {
            "timestamp": "2026-05-28 21:41:41,740",
            "thread_id": "5172",
            "caller": "0x7ffc2ada9666",
            "parentcaller": "0x7ffc2d00cec4",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5172"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 118
          },
          {
            "timestamp": "2026-05-28 21:41:41,756",
            "thread_id": "1880",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --type=gpu-process --no-pre-read-main-dll --gpu-preferences=SAAAAAAAAADgAAAEAAAAAAAAAAAAAGAAAQAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAQAAAAAAAAABAAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --metrics-shmem-handle=1760,i,13651363605794111286,5121436129363740046,262144 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708988185955192 --mojo-platform-channel-handle=1980 /prefetch:2"
              },
              {
                "name": "CreationFlags",
                "value": "0x0008040c",
                "pretty_value": "CREATE_SUSPENDED|DETACHED_PROCESS|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "3136"
              },
              {
                "name": "ThreadId",
                "value": "3264"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x0000089c"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000898"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 119
          },
          {
            "timestamp": "2026-05-28 21:41:41,756",
            "thread_id": "5348",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5348"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 120
          },
          {
            "timestamp": "2026-05-28 21:41:41,756",
            "thread_id": "5172",
            "caller": "0x7ffc2ada9666",
            "parentcaller": "0x7ffc2d00cec4",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5172"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 121
          },
          {
            "timestamp": "2026-05-28 21:41:41,787",
            "thread_id": "5348",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\CRYPTSP"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a090000"
              }
            ],
            "repeated": 0,
            "id": 122
          },
          {
            "timestamp": "2026-05-28 21:41:41,803",
            "thread_id": "5172",
            "caller": "0x7ffc2ada9666",
            "parentcaller": "0x7ffc2d00cec4",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5172"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 123
          },
          {
            "timestamp": "2026-05-28 21:41:41,818",
            "thread_id": "5348",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\ncrypt"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a1b0000"
              }
            ],
            "repeated": 0,
            "id": 124
          },
          {
            "timestamp": "2026-05-28 21:41:41,818",
            "thread_id": "5348",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\imagehlp"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2b260000"
              }
            ],
            "repeated": 0,
            "id": 125
          },
          {
            "timestamp": "2026-05-28 21:41:41,818",
            "thread_id": "5348",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\tbs"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc236c0000"
              }
            ],
            "repeated": 0,
            "id": 126
          },
          {
            "timestamp": "2026-05-28 21:41:41,818",
            "thread_id": "5348",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\DMCmnUtils"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc1af70000"
              }
            ],
            "repeated": 0,
            "id": 127
          },
          {
            "timestamp": "2026-05-28 21:41:41,834",
            "thread_id": "5348",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\omadmapi"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc20230000"
              }
            ],
            "repeated": 0,
            "id": 128
          },
          {
            "timestamp": "2026-05-28 21:41:41,850",
            "thread_id": "5348",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5348"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 129
          },
          {
            "timestamp": "2026-05-28 21:41:41,850",
            "thread_id": "5348",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\NTASN1"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a170000"
              }
            ],
            "repeated": 0,
            "id": 130
          },
          {
            "timestamp": "2026-05-28 21:41:41,865",
            "thread_id": "5348",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\MDMRegistration"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc20270000"
              }
            ],
            "repeated": 0,
            "id": 131
          },
          {
            "timestamp": "2026-05-28 21:41:41,865",
            "thread_id": "5348",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\omadmapi"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc20230000"
              }
            ],
            "repeated": 0,
            "id": 132
          },
          {
            "timestamp": "2026-05-28 21:41:41,865",
            "thread_id": "5348",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\msvcp110_win"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc29860000"
              }
            ],
            "repeated": 0,
            "id": 133
          },
          {
            "timestamp": "2026-05-28 21:41:41,865",
            "thread_id": "5348",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\DMCmnUtils"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc1af70000"
              }
            ],
            "repeated": 0,
            "id": 134
          },
          {
            "timestamp": "2026-05-28 21:41:41,865",
            "thread_id": "5348",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\CRYPTSP"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a090000"
              }
            ],
            "repeated": 0,
            "id": 135
          },
          {
            "timestamp": "2026-05-28 21:41:41,865",
            "thread_id": "5348",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\ncrypt"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a1b0000"
              }
            ],
            "repeated": 0,
            "id": 136
          },
          {
            "timestamp": "2026-05-28 21:41:41,865",
            "thread_id": "5348",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\NTASN1"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a170000"
              }
            ],
            "repeated": 0,
            "id": 137
          },
          {
            "timestamp": "2026-05-28 21:41:41,865",
            "thread_id": "5348",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\tbs"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc236c0000"
              }
            ],
            "repeated": 0,
            "id": 138
          },
          {
            "timestamp": "2026-05-28 21:41:41,865",
            "thread_id": "5348",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\imagehlp"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2b260000"
              }
            ],
            "repeated": 0,
            "id": 139
          },
          {
            "timestamp": "2026-05-28 21:41:41,865",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 140
          },
          {
            "timestamp": "2026-05-28 21:41:41,865",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\Windows.UI.Immersive"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc1e400000"
              }
            ],
            "repeated": 0,
            "id": 141
          },
          {
            "timestamp": "2026-05-28 21:41:41,881",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 142
          },
          {
            "timestamp": "2026-05-28 21:41:41,881",
            "thread_id": "1188",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1188"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 143
          },
          {
            "timestamp": "2026-05-28 21:41:41,896",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 144
          },
          {
            "timestamp": "2026-05-28 21:41:41,896",
            "thread_id": "1188",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\sxs"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a580000"
              }
            ],
            "repeated": 0,
            "id": 145
          },
          {
            "timestamp": "2026-05-28 21:41:41,896",
            "thread_id": "2144",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2144"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 146
          },
          {
            "timestamp": "2026-05-28 21:41:41,896",
            "thread_id": "1188",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1188"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 147
          },
          {
            "timestamp": "2026-05-28 21:41:41,912",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 148
          },
          {
            "timestamp": "2026-05-28 21:41:41,912",
            "thread_id": "3928",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "3928"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 149
          },
          {
            "timestamp": "2026-05-28 21:41:41,912",
            "thread_id": "2164",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000009b4"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000009b0"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --metrics-shmem-handle=2364,i,6716272949696715985,16613973558693619772,524288 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708990060038890 --mojo-platform-channel-handle=2408 /prefetch:8"
              },
              {
                "name": "DllPath",
                "value": ""
              },
              {
                "name": "ProcessId",
                "value": "5756"
              }
            ],
            "repeated": 0,
            "id": 150
          },
          {
            "timestamp": "2026-05-28 21:41:41,912",
            "thread_id": "5348",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5348"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 151
          },
          {
            "timestamp": "2026-05-28 21:41:41,928",
            "thread_id": "2144",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\WINHTTP"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc22a50000"
              }
            ],
            "repeated": 0,
            "id": 152
          },
          {
            "timestamp": "2026-05-28 21:41:41,943",
            "thread_id": "1464",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1464"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 153
          },
          {
            "timestamp": "2026-05-28 21:41:41,943",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 154
          },
          {
            "timestamp": "2026-05-28 21:41:41,959",
            "thread_id": "1188",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1188"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 155
          },
          {
            "timestamp": "2026-05-28 21:41:41,959",
            "thread_id": "7840",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7840"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 156
          },
          {
            "timestamp": "2026-05-28 21:41:41,959",
            "thread_id": "2164",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2164"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 157
          },
          {
            "timestamp": "2026-05-28 21:41:41,975",
            "thread_id": "3928",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "3928"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 158
          },
          {
            "timestamp": "2026-05-28 21:41:41,975",
            "thread_id": "1880",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1880"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 159
          },
          {
            "timestamp": "2026-05-28 21:41:41,990",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 160
          },
          {
            "timestamp": "2026-05-28 21:41:41,990",
            "thread_id": "1464",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1464"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 161
          },
          {
            "timestamp": "2026-05-28 21:41:42,006",
            "thread_id": "1880",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1880"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 162
          },
          {
            "timestamp": "2026-05-28 21:41:42,006",
            "thread_id": "3928",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "3928"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 163
          },
          {
            "timestamp": "2026-05-28 21:41:42,021",
            "thread_id": "2164",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --metrics-shmem-handle=2364,i,6716272949696715985,16613973558693619772,524288 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708990060038890 --mojo-platform-channel-handle=2408 /prefetch:8"
              },
              {
                "name": "CreationFlags",
                "value": "0x0008040c",
                "pretty_value": "CREATE_SUSPENDED|DETACHED_PROCESS|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "5756"
              },
              {
                "name": "ThreadId",
                "value": "7660"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x000009b4"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000009b0"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 164
          },
          {
            "timestamp": "2026-05-28 21:41:42,021",
            "thread_id": "5172",
            "caller": "0x7ffc2ada9666",
            "parentcaller": "0x7ffc2d00cec4",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5172"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 165
          },
          {
            "timestamp": "2026-05-28 21:41:42,037",
            "thread_id": "1464",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1464"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 166
          },
          {
            "timestamp": "2026-05-28 21:41:42,037",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 167
          },
          {
            "timestamp": "2026-05-28 21:41:42,053",
            "thread_id": "1880",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1880"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 168
          },
          {
            "timestamp": "2026-05-28 21:41:42,053",
            "thread_id": "3928",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "3928"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 169
          },
          {
            "timestamp": "2026-05-28 21:41:42,053",
            "thread_id": "5172",
            "caller": "0x7ffc2ada9666",
            "parentcaller": "0x7ffc2d00cec4",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5172"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 170
          },
          {
            "timestamp": "2026-05-28 21:41:42,068",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 171
          },
          {
            "timestamp": "2026-05-28 21:41:42,068",
            "thread_id": "1880",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\RMCLIENT"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc284d0000"
              }
            ],
            "repeated": 0,
            "id": 172
          },
          {
            "timestamp": "2026-05-28 21:41:42,068",
            "thread_id": "1464",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1464"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 173
          },
          {
            "timestamp": "2026-05-28 21:41:42,084",
            "thread_id": "3928",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "3928"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 174
          },
          {
            "timestamp": "2026-05-28 21:41:42,100",
            "thread_id": "1880",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\XmlLite"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc26310000"
              }
            ],
            "repeated": 0,
            "id": 175
          },
          {
            "timestamp": "2026-05-28 21:41:42,100",
            "thread_id": "1880",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\wpnapps"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc16860000"
              }
            ],
            "repeated": 0,
            "id": 176
          },
          {
            "timestamp": "2026-05-28 21:41:42,100",
            "thread_id": "1464",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1464"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 177
          },
          {
            "timestamp": "2026-05-28 21:41:42,100",
            "thread_id": "1880",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1880"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 178
          },
          {
            "timestamp": "2026-05-28 21:41:42,115",
            "thread_id": "1880",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\usermgrcli"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc25960000"
              }
            ],
            "repeated": 0,
            "id": 179
          },
          {
            "timestamp": "2026-05-28 21:41:42,115",
            "thread_id": "1464",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1464"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 180
          },
          {
            "timestamp": "2026-05-28 21:41:42,115",
            "thread_id": "2224",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2224"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 181
          },
          {
            "timestamp": "2026-05-28 21:41:42,115",
            "thread_id": "2224",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\CryptoWinRT"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc0c8d0000"
              }
            ],
            "repeated": 0,
            "id": 182
          },
          {
            "timestamp": "2026-05-28 21:41:42,115",
            "thread_id": "1464",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1464"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 183
          },
          {
            "timestamp": "2026-05-28 21:41:42,131",
            "thread_id": "2988",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2988"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 184
          },
          {
            "timestamp": "2026-05-28 21:41:42,131",
            "thread_id": "1464",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1464"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 185
          },
          {
            "timestamp": "2026-05-28 21:41:42,131",
            "thread_id": "2988",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2988"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 186
          },
          {
            "timestamp": "2026-05-28 21:41:42,131",
            "thread_id": "1464",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1464"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 187
          },
          {
            "timestamp": "2026-05-28 21:41:42,131",
            "thread_id": "2988",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\ncrypt"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a1b0000"
              }
            ],
            "repeated": 0,
            "id": 188
          },
          {
            "timestamp": "2026-05-28 21:41:42,131",
            "thread_id": "2988",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\cryptngc"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc23c70000"
              }
            ],
            "repeated": 0,
            "id": 189
          },
          {
            "timestamp": "2026-05-28 21:41:42,131",
            "thread_id": "1464",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1464"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 190
          },
          {
            "timestamp": "2026-05-28 21:41:42,131",
            "thread_id": "2988",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2988"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 191
          },
          {
            "timestamp": "2026-05-28 21:41:42,146",
            "thread_id": "2988",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\NTASN1"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a170000"
              }
            ],
            "repeated": 0,
            "id": 192
          },
          {
            "timestamp": "2026-05-28 21:41:42,146",
            "thread_id": "1464",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1464"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 193
          },
          {
            "timestamp": "2026-05-28 21:41:42,146",
            "thread_id": "2988",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2988"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 194
          },
          {
            "timestamp": "2026-05-28 21:41:42,146",
            "thread_id": "2988",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\ngcksp"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc0c8a0000"
              }
            ],
            "repeated": 0,
            "id": 195
          },
          {
            "timestamp": "2026-05-28 21:41:42,146",
            "thread_id": "1464",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1464"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 196
          },
          {
            "timestamp": "2026-05-28 21:41:42,162",
            "thread_id": "1188",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1188"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 197
          },
          {
            "timestamp": "2026-05-28 21:41:42,162",
            "thread_id": "1188",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\CapabilityAccessManagerClient"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc0d0a0000"
              }
            ],
            "repeated": 0,
            "id": 198
          },
          {
            "timestamp": "2026-05-28 21:41:42,162",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 3,
            "id": 199
          },
          {
            "timestamp": "2026-05-28 21:41:42,193",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\dxgi"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc29090000"
              }
            ],
            "repeated": 0,
            "id": 200
          },
          {
            "timestamp": "2026-05-28 21:41:42,193",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\d3d11"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc26d70000"
              }
            ],
            "repeated": 0,
            "id": 201
          },
          {
            "timestamp": "2026-05-28 21:41:42,193",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\dcomp"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc27240000"
              }
            ],
            "repeated": 0,
            "id": 202
          },
          {
            "timestamp": "2026-05-28 21:41:42,193",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\dataexchange"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc14fc0000"
              }
            ],
            "repeated": 0,
            "id": 203
          },
          {
            "timestamp": "2026-05-28 21:41:42,193",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 204
          },
          {
            "timestamp": "2026-05-28 21:41:42,193",
            "thread_id": "1880",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1880"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 205
          },
          {
            "timestamp": "2026-05-28 21:41:42,193",
            "thread_id": "1880",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc24d40000"
              }
            ],
            "repeated": 0,
            "id": 206
          },
          {
            "timestamp": "2026-05-28 21:41:42,193",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 207
          },
          {
            "timestamp": "2026-05-28 21:41:42,209",
            "thread_id": "6992",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "6992"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 208
          },
          {
            "timestamp": "2026-05-28 21:41:42,209",
            "thread_id": "6992",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\FirewallAPI"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc293f0000"
              }
            ],
            "repeated": 0,
            "id": 209
          },
          {
            "timestamp": "2026-05-28 21:41:42,209",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 210
          },
          {
            "timestamp": "2026-05-28 21:41:42,209",
            "thread_id": "6992",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "6992"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 211
          },
          {
            "timestamp": "2026-05-28 21:41:42,225",
            "thread_id": "1880",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1880"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 212
          },
          {
            "timestamp": "2026-05-28 21:41:42,225",
            "thread_id": "6992",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\fwbase"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc293b0000"
              }
            ],
            "repeated": 0,
            "id": 213
          },
          {
            "timestamp": "2026-05-28 21:41:42,240",
            "thread_id": "1188",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1188"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 214
          },
          {
            "timestamp": "2026-05-28 21:41:42,240",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 215
          },
          {
            "timestamp": "2026-05-28 21:41:42,256",
            "thread_id": "1880",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1880"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 216
          },
          {
            "timestamp": "2026-05-28 21:41:42,256",
            "thread_id": "1188",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\usermgrproxy"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc23800000"
              }
            ],
            "repeated": 0,
            "id": 217
          },
          {
            "timestamp": "2026-05-28 21:41:42,256",
            "thread_id": "5348",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5348"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 218
          },
          {
            "timestamp": "2026-05-28 21:41:42,256",
            "thread_id": "1880",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1880"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 219
          },
          {
            "timestamp": "2026-05-28 21:41:42,256",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 220
          },
          {
            "timestamp": "2026-05-28 21:41:42,271",
            "thread_id": "2988",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2988"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 221
          },
          {
            "timestamp": "2026-05-28 21:41:42,271",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\Windows.Media"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc06820000"
              }
            ],
            "repeated": 0,
            "id": 222
          },
          {
            "timestamp": "2026-05-28 21:41:42,271",
            "thread_id": "1880",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1880"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 223
          },
          {
            "timestamp": "2026-05-28 21:41:42,271",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 224
          },
          {
            "timestamp": "2026-05-28 21:41:42,287",
            "thread_id": "1880",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1880"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 225
          },
          {
            "timestamp": "2026-05-28 21:41:42,287",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 226
          },
          {
            "timestamp": "2026-05-28 21:41:42,287",
            "thread_id": "1880",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1880"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 227
          },
          {
            "timestamp": "2026-05-28 21:41:42,287",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 228
          },
          {
            "timestamp": "2026-05-28 21:41:42,287",
            "thread_id": "2236",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2236"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 229
          },
          {
            "timestamp": "2026-05-28 21:41:42,303",
            "thread_id": "5348",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000d74"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000d68"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --time-ticks-at-unix-epoch=-1780003962331981 --launch-time-ticks=539972201 --metrics-shmem-handle=3300,i,6864544789388492662,1904890231814579921,2097152 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708991934122588 --mojo-platform-channel-handle=3416 /prefetch:1"
              },
              {
                "name": "DllPath",
                "value": ""
              },
              {
                "name": "ProcessId",
                "value": "4648"
              }
            ],
            "repeated": 0,
            "id": 230
          },
          {
            "timestamp": "2026-05-28 21:41:42,303",
            "thread_id": "1880",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\LINKINFO"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc1be00000"
              }
            ],
            "repeated": 0,
            "id": 231
          },
          {
            "timestamp": "2026-05-28 21:41:42,303",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 232
          },
          {
            "timestamp": "2026-05-28 21:41:42,303",
            "thread_id": "2236",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2236"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 233
          },
          {
            "timestamp": "2026-05-28 21:41:42,303",
            "thread_id": "1188",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1188"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 234
          },
          {
            "timestamp": "2026-05-28 21:41:42,303",
            "thread_id": "1880",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1880"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 235
          },
          {
            "timestamp": "2026-05-28 21:41:42,318",
            "thread_id": "7840",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000db8"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000db0"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --time-ticks-at-unix-epoch=-1780003962331981 --launch-time-ticks=539984704 --metrics-shmem-handle=3460,i,18353002224121741580,13093445649205443798,2097152 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708990997080739 --mojo-platform-channel-handle=3508 /prefetch:1"
              },
              {
                "name": "DllPath",
                "value": ""
              },
              {
                "name": "ProcessId",
                "value": "5668"
              }
            ],
            "repeated": 0,
            "id": 236
          },
          {
            "timestamp": "2026-05-28 21:41:42,318",
            "thread_id": "5348",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5348"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 237
          },
          {
            "timestamp": "2026-05-28 21:41:42,318",
            "thread_id": "2236",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2236"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 238
          },
          {
            "timestamp": "2026-05-28 21:41:42,318",
            "thread_id": "1880",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1880"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 239
          },
          {
            "timestamp": "2026-05-28 21:41:42,318",
            "thread_id": "1188",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\dwmapi"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc283c0000"
              }
            ],
            "repeated": 0,
            "id": 240
          },
          {
            "timestamp": "2026-05-28 21:41:42,318",
            "thread_id": "7840",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7840"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 241
          },
          {
            "timestamp": "2026-05-28 21:41:42,334",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 242
          },
          {
            "timestamp": "2026-05-28 21:41:42,334",
            "thread_id": "2236",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2236"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 243
          },
          {
            "timestamp": "2026-05-28 21:41:42,334",
            "thread_id": "1880",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1880"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 244
          },
          {
            "timestamp": "2026-05-28 21:41:42,334",
            "thread_id": "5348",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --time-ticks-at-unix-epoch=-1780003962331981 --launch-time-ticks=539972201 --metrics-shmem-handle=3300,i,6864544789388492662,1904890231814579921,2097152 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708991934122588 --mojo-platform-channel-handle=3416 /prefetch:1"
              },
              {
                "name": "CreationFlags",
                "value": "0x0008040c",
                "pretty_value": "CREATE_SUSPENDED|DETACHED_PROCESS|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "4648"
              },
              {
                "name": "ThreadId",
                "value": "4656"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x00000d74"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000d68"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 245
          },
          {
            "timestamp": "2026-05-28 21:41:42,334",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\OLEACC"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc15030000"
              }
            ],
            "repeated": 0,
            "id": 246
          },
          {
            "timestamp": "2026-05-28 21:41:42,334",
            "thread_id": "5172",
            "caller": "0x7ffc2ada9666",
            "parentcaller": "0x7ffc2d00cec4",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5172"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 247
          },
          {
            "timestamp": "2026-05-28 21:41:42,334",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 248
          },
          {
            "timestamp": "2026-05-28 21:41:42,350",
            "thread_id": "2236",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2236"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 249
          },
          {
            "timestamp": "2026-05-28 21:41:42,350",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 250
          },
          {
            "timestamp": "2026-05-28 21:41:42,350",
            "thread_id": "7840",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --time-ticks-at-unix-epoch=-1780003962331981 --launch-time-ticks=539984704 --metrics-shmem-handle=3460,i,18353002224121741580,13093445649205443798,2097152 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708990997080739 --mojo-platform-channel-handle=3508 /prefetch:1"
              },
              {
                "name": "CreationFlags",
                "value": "0x0008040c",
                "pretty_value": "CREATE_SUSPENDED|DETACHED_PROCESS|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "5668"
              },
              {
                "name": "ThreadId",
                "value": "2352"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x00000db8"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000db0"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 251
          },
          {
            "timestamp": "2026-05-28 21:41:42,350",
            "thread_id": "5172",
            "caller": "0x7ffc2ada9666",
            "parentcaller": "0x7ffc2d00cec4",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5172"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 252
          },
          {
            "timestamp": "2026-05-28 21:41:42,365",
            "thread_id": "2236",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2236"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 253
          },
          {
            "timestamp": "2026-05-28 21:41:42,365",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\directmanipulation"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc1d050000"
              }
            ],
            "repeated": 0,
            "id": 254
          },
          {
            "timestamp": "2026-05-28 21:41:42,365",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 255
          },
          {
            "timestamp": "2026-05-28 21:41:42,381",
            "thread_id": "2236",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2236"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 256
          },
          {
            "timestamp": "2026-05-28 21:41:42,381",
            "thread_id": "5172",
            "caller": "0x7ffc2ada9666",
            "parentcaller": "0x7ffc2d00cec4",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5172"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 257
          },
          {
            "timestamp": "2026-05-28 21:41:42,396",
            "thread_id": "5348",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5348"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 258
          },
          {
            "timestamp": "2026-05-28 21:41:42,412",
            "thread_id": "1188",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1188"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 259
          },
          {
            "timestamp": "2026-05-28 21:41:42,412",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 260
          },
          {
            "timestamp": "2026-05-28 21:41:42,412",
            "thread_id": "2144",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2144"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 261
          },
          {
            "timestamp": "2026-05-28 21:41:42,475",
            "thread_id": "2236",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2236"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 262
          },
          {
            "timestamp": "2026-05-28 21:41:42,475",
            "thread_id": "5172",
            "caller": "0x7ffc2ada9666",
            "parentcaller": "0x7ffc2d00cec4",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5172"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 263
          },
          {
            "timestamp": "2026-05-28 21:41:42,475",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 264
          },
          {
            "timestamp": "2026-05-28 21:41:42,475",
            "thread_id": "1188",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\explorerframe"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc14d70000"
              }
            ],
            "repeated": 0,
            "id": 265
          },
          {
            "timestamp": "2026-05-28 21:41:42,475",
            "thread_id": "2144",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2144"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 266
          },
          {
            "timestamp": "2026-05-28 21:41:42,475",
            "thread_id": "1188",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1188"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 267
          },
          {
            "timestamp": "2026-05-28 21:41:42,490",
            "thread_id": "2236",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2236"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 268
          },
          {
            "timestamp": "2026-05-28 21:41:42,490",
            "thread_id": "5348",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000fa4"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000f90"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --extension-process --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --time-ticks-at-unix-epoch=-1780003962331981 --launch-time-ticks=540171200 --metrics-shmem-handle=3860,i,7480903360239469260,9372336423967034872,2097152 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708992871164437 --mojo-platform-channel-handle=3976 /prefetch:2"
              },
              {
                "name": "DllPath",
                "value": ""
              },
              {
                "name": "ProcessId",
                "value": "8428"
              }
            ],
            "repeated": 0,
            "id": 269
          },
          {
            "timestamp": "2026-05-28 21:41:42,506",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 270
          },
          {
            "timestamp": "2026-05-28 21:41:42,521",
            "thread_id": "2164",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2164"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 271
          },
          {
            "timestamp": "2026-05-28 21:41:42,521",
            "thread_id": "3928",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "3928"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 272
          },
          {
            "timestamp": "2026-05-28 21:41:42,521",
            "thread_id": "2224",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2224"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 273
          },
          {
            "timestamp": "2026-05-28 21:41:42,521",
            "thread_id": "2144",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2144"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 274
          },
          {
            "timestamp": "2026-05-28 21:41:42,537",
            "thread_id": "7840",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7840"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 275
          },
          {
            "timestamp": "2026-05-28 21:41:42,553",
            "thread_id": "2236",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2236"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 276
          },
          {
            "timestamp": "2026-05-28 21:41:42,553",
            "thread_id": "7792",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7792"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 277
          },
          {
            "timestamp": "2026-05-28 21:41:42,568",
            "thread_id": "1964",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1964"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 278
          },
          {
            "timestamp": "2026-05-28 21:41:42,568",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 279
          },
          {
            "timestamp": "2026-05-28 21:41:42,568",
            "thread_id": "5348",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5348"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 280
          },
          {
            "timestamp": "2026-05-28 21:41:42,615",
            "thread_id": "7840",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\wlanapi"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc22e90000"
              }
            ],
            "repeated": 0,
            "id": 281
          },
          {
            "timestamp": "2026-05-28 21:41:42,631",
            "thread_id": "2236",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2236"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 282
          },
          {
            "timestamp": "2026-05-28 21:41:42,631",
            "thread_id": "7792",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7792"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 283
          },
          {
            "timestamp": "2026-05-28 21:41:42,631",
            "thread_id": "7840",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\wlanapi"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc22e90000"
              }
            ],
            "repeated": 0,
            "id": 284
          },
          {
            "timestamp": "2026-05-28 21:41:42,631",
            "thread_id": "7616",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7616"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 285
          },
          {
            "timestamp": "2026-05-28 21:41:42,631",
            "thread_id": "3928",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "3928"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 286
          },
          {
            "timestamp": "2026-05-28 21:41:42,631",
            "thread_id": "1964",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1964"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 287
          },
          {
            "timestamp": "2026-05-28 21:41:42,631",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 288
          },
          {
            "timestamp": "2026-05-28 21:41:42,646",
            "thread_id": "5348",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --extension-process --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --time-ticks-at-unix-epoch=-1780003962331981 --launch-time-ticks=540171200 --metrics-shmem-handle=3860,i,7480903360239469260,9372336423967034872,2097152 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708992871164437 --mojo-platform-channel-handle=3976 /prefetch:2"
              },
              {
                "name": "CreationFlags",
                "value": "0x0008040c",
                "pretty_value": "CREATE_SUSPENDED|DETACHED_PROCESS|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "8428"
              },
              {
                "name": "ThreadId",
                "value": "8432"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x00000fa4"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000f90"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 289
          },
          {
            "timestamp": "2026-05-28 21:41:42,646",
            "thread_id": "5172",
            "caller": "0x7ffc2ada9666",
            "parentcaller": "0x7ffc2d00cec4",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5172"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 290
          },
          {
            "timestamp": "2026-05-28 21:41:42,646",
            "thread_id": "2236",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2236"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 291
          },
          {
            "timestamp": "2026-05-28 21:41:42,662",
            "thread_id": "5348",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5348"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 292
          },
          {
            "timestamp": "2026-05-28 21:41:42,662",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 293
          },
          {
            "timestamp": "2026-05-28 21:41:42,662",
            "thread_id": "7616",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\MSASN1"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a2d0000"
              }
            ],
            "repeated": 0,
            "id": 294
          },
          {
            "timestamp": "2026-05-28 21:41:42,662",
            "thread_id": "7616",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7616"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 295
          },
          {
            "timestamp": "2026-05-28 21:41:42,678",
            "thread_id": "5172",
            "caller": "0x7ffc2ada9666",
            "parentcaller": "0x7ffc2d00cec4",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5172"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 296
          },
          {
            "timestamp": "2026-05-28 21:41:42,678",
            "thread_id": "2236",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2236"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 297
          },
          {
            "timestamp": "2026-05-28 21:41:42,678",
            "thread_id": "5348",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5348"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 298
          },
          {
            "timestamp": "2026-05-28 21:41:42,693",
            "thread_id": "7792",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7792"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 299
          },
          {
            "timestamp": "2026-05-28 21:41:42,693",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 300
          },
          {
            "timestamp": "2026-05-28 21:41:42,693",
            "thread_id": "7616",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\CRYPTSP"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a090000"
              }
            ],
            "repeated": 0,
            "id": 301
          },
          {
            "timestamp": "2026-05-28 21:41:42,709",
            "thread_id": "2236",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2236"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 302
          },
          {
            "timestamp": "2026-05-28 21:41:42,709",
            "thread_id": "7616",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7616"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 303
          },
          {
            "timestamp": "2026-05-28 21:41:42,725",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 304
          },
          {
            "timestamp": "2026-05-28 21:41:42,725",
            "thread_id": "7792",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7792"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 305
          },
          {
            "timestamp": "2026-05-28 21:41:42,725",
            "thread_id": "2236",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2236"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 306
          },
          {
            "timestamp": "2026-05-28 21:41:42,725",
            "thread_id": "7616",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\rsaenh"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc297d0000"
              }
            ],
            "repeated": 0,
            "id": 307
          },
          {
            "timestamp": "2026-05-28 21:41:42,740",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 308
          },
          {
            "timestamp": "2026-05-28 21:41:42,740",
            "thread_id": "2236",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2236"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 309
          },
          {
            "timestamp": "2026-05-28 21:41:42,740",
            "thread_id": "5348",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5348"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 310
          },
          {
            "timestamp": "2026-05-28 21:41:42,756",
            "thread_id": "7792",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7792"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 311
          },
          {
            "timestamp": "2026-05-28 21:41:42,756",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 312
          },
          {
            "timestamp": "2026-05-28 21:41:42,756",
            "thread_id": "2236",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2236"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 313
          },
          {
            "timestamp": "2026-05-28 21:41:42,771",
            "thread_id": "7792",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7792"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 314
          },
          {
            "timestamp": "2026-05-28 21:41:42,771",
            "thread_id": "2236",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2236"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 315
          },
          {
            "timestamp": "2026-05-28 21:41:42,771",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 316
          },
          {
            "timestamp": "2026-05-28 21:41:42,787",
            "thread_id": "2236",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2236"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 317
          },
          {
            "timestamp": "2026-05-28 21:41:42,803",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 318
          },
          {
            "timestamp": "2026-05-28 21:41:42,818",
            "thread_id": "2236",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2236"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 319
          },
          {
            "timestamp": "2026-05-28 21:41:42,818",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 320
          },
          {
            "timestamp": "2026-05-28 21:41:42,818",
            "thread_id": "2236",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2236"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 321
          },
          {
            "timestamp": "2026-05-28 21:41:42,818",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 322
          },
          {
            "timestamp": "2026-05-28 21:41:42,834",
            "thread_id": "2236",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2236"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 323
          },
          {
            "timestamp": "2026-05-28 21:41:42,834",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 324
          },
          {
            "timestamp": "2026-05-28 21:41:42,834",
            "thread_id": "2236",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2236"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 325
          },
          {
            "timestamp": "2026-05-28 21:41:42,834",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 326
          },
          {
            "timestamp": "2026-05-28 21:41:42,834",
            "thread_id": "2236",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2236"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 327
          },
          {
            "timestamp": "2026-05-28 21:41:42,834",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 328
          },
          {
            "timestamp": "2026-05-28 21:41:42,850",
            "thread_id": "2236",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2236"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 329
          },
          {
            "timestamp": "2026-05-28 21:41:42,850",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 330
          },
          {
            "timestamp": "2026-05-28 21:41:42,850",
            "thread_id": "7792",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7792"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 331
          },
          {
            "timestamp": "2026-05-28 21:41:42,850",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 19,
            "id": 332
          },
          {
            "timestamp": "2026-05-28 21:41:42,959",
            "thread_id": "7792",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7792"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 333
          },
          {
            "timestamp": "2026-05-28 21:41:42,959",
            "thread_id": "5348",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5348"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 334
          },
          {
            "timestamp": "2026-05-28 21:41:42,959",
            "thread_id": "7840",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7840"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 335
          },
          {
            "timestamp": "2026-05-28 21:41:42,975",
            "thread_id": "3928",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "3928"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 336
          },
          {
            "timestamp": "2026-05-28 21:41:42,975",
            "thread_id": "7792",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7792"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 337
          },
          {
            "timestamp": "2026-05-28 21:41:42,975",
            "thread_id": "5348",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5348"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 338
          },
          {
            "timestamp": "2026-05-28 21:41:42,975",
            "thread_id": "7840",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7840"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 339
          },
          {
            "timestamp": "2026-05-28 21:41:42,990",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 340
          },
          {
            "timestamp": "2026-05-28 21:41:42,990",
            "thread_id": "5348",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5348"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 341
          },
          {
            "timestamp": "2026-05-28 21:41:42,990",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 342
          },
          {
            "timestamp": "2026-05-28 21:41:43,006",
            "thread_id": "5348",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5348"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 343
          },
          {
            "timestamp": "2026-05-28 21:41:43,006",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 3,
            "id": 344
          },
          {
            "timestamp": "2026-05-28 21:41:43,021",
            "thread_id": "7792",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7792"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 345
          },
          {
            "timestamp": "2026-05-28 21:41:43,021",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 1,
            "id": 346
          },
          {
            "timestamp": "2026-05-28 21:41:43,037",
            "thread_id": "5348",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5348"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 347
          },
          {
            "timestamp": "2026-05-28 21:41:43,037",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 348
          },
          {
            "timestamp": "2026-05-28 21:41:43,053",
            "thread_id": "5348",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5348"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 349
          },
          {
            "timestamp": "2026-05-28 21:41:43,068",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 1,
            "id": 350
          },
          {
            "timestamp": "2026-05-28 21:41:43,068",
            "thread_id": "7840",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7840"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 1,
            "id": 351
          },
          {
            "timestamp": "2026-05-28 21:41:43,084",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 2,
            "id": 352
          },
          {
            "timestamp": "2026-05-28 21:41:43,115",
            "thread_id": "2236",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2236"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 353
          },
          {
            "timestamp": "2026-05-28 21:41:43,115",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 354
          },
          {
            "timestamp": "2026-05-28 21:41:43,131",
            "thread_id": "7792",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7792"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 355
          },
          {
            "timestamp": "2026-05-28 21:41:43,146",
            "thread_id": "2236",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2236"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 356
          },
          {
            "timestamp": "2026-05-28 21:41:43,146",
            "thread_id": "5348",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000f9c"
              },
              {
                "name": "ThreadHandle",
                "value": "0x0000111c"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --time-ticks-at-unix-epoch=-1780003962331981 --launch-time-ticks=540812348 --metrics-shmem-handle=4244,i,11385932005541265785,1562708900009701974,2097152 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708993808206286 --mojo-platform-channel-handle=4104 /prefetch:1"
              },
              {
                "name": "DllPath",
                "value": ""
              },
              {
                "name": "ProcessId",
                "value": "9436"
              }
            ],
            "repeated": 0,
            "id": 357
          },
          {
            "timestamp": "2026-05-28 21:41:43,162",
            "thread_id": "7792",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7792"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 358
          },
          {
            "timestamp": "2026-05-28 21:41:43,162",
            "thread_id": "2236",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2236"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 359
          },
          {
            "timestamp": "2026-05-28 21:41:43,162",
            "thread_id": "5348",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5348"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 360
          },
          {
            "timestamp": "2026-05-28 21:41:43,178",
            "thread_id": "7792",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7792"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 361
          },
          {
            "timestamp": "2026-05-28 21:41:43,178",
            "thread_id": "2236",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2236"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 362
          },
          {
            "timestamp": "2026-05-28 21:41:43,178",
            "thread_id": "5348",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --time-ticks-at-unix-epoch=-1780003962331981 --launch-time-ticks=540812348 --metrics-shmem-handle=4244,i,11385932005541265785,1562708900009701974,2097152 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708993808206286 --mojo-platform-channel-handle=4104 /prefetch:1"
              },
              {
                "name": "CreationFlags",
                "value": "0x0008040c",
                "pretty_value": "CREATE_SUSPENDED|DETACHED_PROCESS|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "9436"
              },
              {
                "name": "ThreadId",
                "value": "9440"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x00000f9c"
              },
              {
                "name": "ThreadHandle",
                "value": "0x0000111c"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 363
          },
          {
            "timestamp": "2026-05-28 21:41:43,178",
            "thread_id": "5172",
            "caller": "0x7ffc2ada9666",
            "parentcaller": "0x7ffc2d00cec4",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5172"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 364
          },
          {
            "timestamp": "2026-05-28 21:41:43,178",
            "thread_id": "7792",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7792"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 365
          },
          {
            "timestamp": "2026-05-28 21:41:43,193",
            "thread_id": "5348",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5348"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 366
          },
          {
            "timestamp": "2026-05-28 21:41:43,193",
            "thread_id": "2236",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2236"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 367
          },
          {
            "timestamp": "2026-05-28 21:41:43,193",
            "thread_id": "5172",
            "caller": "0x7ffc2ada9666",
            "parentcaller": "0x7ffc2d00cec4",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5172"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 368
          },
          {
            "timestamp": "2026-05-28 21:41:43,209",
            "thread_id": "5348",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5348"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 369
          },
          {
            "timestamp": "2026-05-28 21:41:43,209",
            "thread_id": "2236",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2236"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 2,
            "id": 370
          },
          {
            "timestamp": "2026-05-28 21:41:43,225",
            "thread_id": "7792",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7792"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 371
          },
          {
            "timestamp": "2026-05-28 21:41:43,225",
            "thread_id": "2236",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2236"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 1,
            "id": 372
          },
          {
            "timestamp": "2026-05-28 21:41:43,240",
            "thread_id": "7792",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7792"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 373
          },
          {
            "timestamp": "2026-05-28 21:41:43,240",
            "thread_id": "2236",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2236"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 4,
            "id": 374
          },
          {
            "timestamp": "2026-05-28 21:41:43,271",
            "thread_id": "7792",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7792"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 375
          },
          {
            "timestamp": "2026-05-28 21:41:43,287",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 376
          },
          {
            "timestamp": "2026-05-28 21:41:43,303",
            "thread_id": "7792",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7792"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 2,
            "id": 377
          },
          {
            "timestamp": "2026-05-28 21:41:43,318",
            "thread_id": "5348",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5348"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 1,
            "id": 378
          },
          {
            "timestamp": "2026-05-28 21:41:43,350",
            "thread_id": "7792",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7792"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 379
          },
          {
            "timestamp": "2026-05-28 21:41:43,365",
            "thread_id": "5348",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5348"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 380
          },
          {
            "timestamp": "2026-05-28 21:41:43,365",
            "thread_id": "7792",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7792"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 381
          },
          {
            "timestamp": "2026-05-28 21:41:43,365",
            "thread_id": "5348",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5348"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 382
          },
          {
            "timestamp": "2026-05-28 21:41:43,365",
            "thread_id": "7792",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7792"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 1,
            "id": 383
          },
          {
            "timestamp": "2026-05-28 21:41:43,381",
            "thread_id": "5348",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5348"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 1,
            "id": 384
          },
          {
            "timestamp": "2026-05-28 21:41:43,396",
            "thread_id": "7792",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7792"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 1,
            "id": 385
          },
          {
            "timestamp": "2026-05-28 21:41:43,428",
            "thread_id": "7840",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7840"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 386
          },
          {
            "timestamp": "2026-05-28 21:41:43,443",
            "thread_id": "5348",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5348"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 1,
            "id": 387
          },
          {
            "timestamp": "2026-05-28 21:41:43,490",
            "thread_id": "7792",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7792"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 388
          },
          {
            "timestamp": "2026-05-28 21:41:43,490",
            "thread_id": "5348",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5348"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 1,
            "id": 389
          },
          {
            "timestamp": "2026-05-28 21:41:43,521",
            "thread_id": "7792",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7792"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 390
          },
          {
            "timestamp": "2026-05-28 21:41:43,521",
            "thread_id": "5348",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5348"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 2,
            "id": 391
          },
          {
            "timestamp": "2026-05-28 21:41:43,553",
            "thread_id": "7792",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7792"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 392
          },
          {
            "timestamp": "2026-05-28 21:41:43,553",
            "thread_id": "5348",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5348"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 2,
            "id": 393
          },
          {
            "timestamp": "2026-05-28 21:41:43,568",
            "thread_id": "7792",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7792"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 2,
            "id": 394
          },
          {
            "timestamp": "2026-05-28 21:41:43,584",
            "thread_id": "5348",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5348"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 1,
            "id": 395
          },
          {
            "timestamp": "2026-05-28 21:41:43,740",
            "thread_id": "7792",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7792"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 1,
            "id": 396
          },
          {
            "timestamp": "2026-05-28 21:41:44,412",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 397
          },
          {
            "timestamp": "2026-05-28 21:41:44,443",
            "thread_id": "6992",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "6992"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 398
          },
          {
            "timestamp": "2026-05-28 21:41:44,600",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 399
          },
          {
            "timestamp": "2026-05-28 21:41:44,615",
            "thread_id": "6992",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "6992"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 400
          },
          {
            "timestamp": "2026-05-28 21:41:44,631",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 401
          },
          {
            "timestamp": "2026-05-28 21:41:44,631",
            "thread_id": "6992",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "6992"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 402
          },
          {
            "timestamp": "2026-05-28 21:41:44,646",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 403
          },
          {
            "timestamp": "2026-05-28 21:41:44,646",
            "thread_id": "6992",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "6992"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 404
          },
          {
            "timestamp": "2026-05-28 21:41:44,646",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 1,
            "id": 405
          },
          {
            "timestamp": "2026-05-28 21:41:44,678",
            "thread_id": "6992",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "6992"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 406
          },
          {
            "timestamp": "2026-05-28 21:41:44,693",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 3,
            "id": 407
          },
          {
            "timestamp": "2026-05-28 21:41:45,068",
            "thread_id": "7792",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7792"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 408
          },
          {
            "timestamp": "2026-05-28 21:41:45,365",
            "thread_id": "7840",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7840"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 1,
            "id": 409
          },
          {
            "timestamp": "2026-05-28 21:41:45,365",
            "thread_id": "7792",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7792"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 410
          },
          {
            "timestamp": "2026-05-28 21:41:45,381",
            "thread_id": "5348",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5348"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 411
          },
          {
            "timestamp": "2026-05-28 21:41:45,381",
            "thread_id": "7792",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7792"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 412
          },
          {
            "timestamp": "2026-05-28 21:41:45,381",
            "thread_id": "5348",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5348"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 1,
            "id": 413
          },
          {
            "timestamp": "2026-05-28 21:41:45,396",
            "thread_id": "7840",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7840"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 414
          },
          {
            "timestamp": "2026-05-28 21:41:45,396",
            "thread_id": "5348",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5348"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 415
          },
          {
            "timestamp": "2026-05-28 21:41:45,396",
            "thread_id": "7840",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7840"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 416
          },
          {
            "timestamp": "2026-05-28 21:41:45,396",
            "thread_id": "7792",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7792"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 1,
            "id": 417
          },
          {
            "timestamp": "2026-05-28 21:41:45,428",
            "thread_id": "5348",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5348"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 3,
            "id": 418
          },
          {
            "timestamp": "2026-05-28 21:41:45,459",
            "thread_id": "7840",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7840"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 5,
            "id": 419
          },
          {
            "timestamp": "2026-05-28 21:41:45,521",
            "thread_id": "5348",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5348"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 3,
            "id": 420
          },
          {
            "timestamp": "2026-05-28 21:41:45,553",
            "thread_id": "7840",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7840"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 1,
            "id": 421
          },
          {
            "timestamp": "2026-05-28 21:41:45,615",
            "thread_id": "5348",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5348"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 5,
            "id": 422
          },
          {
            "timestamp": "2026-05-28 21:41:45,771",
            "thread_id": "7840",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7840"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 1,
            "id": 423
          },
          {
            "timestamp": "2026-05-28 21:41:45,771",
            "thread_id": "5348",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5348"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 3,
            "id": 424
          },
          {
            "timestamp": "2026-05-28 21:41:45,803",
            "thread_id": "7840",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7840"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 1,
            "id": 425
          },
          {
            "timestamp": "2026-05-28 21:41:45,818",
            "thread_id": "5348",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5348"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 3,
            "id": 426
          },
          {
            "timestamp": "2026-05-28 21:41:45,850",
            "thread_id": "7840",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7840"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 1,
            "id": 427
          },
          {
            "timestamp": "2026-05-28 21:41:45,881",
            "thread_id": "5348",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5348"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 3,
            "id": 428
          },
          {
            "timestamp": "2026-05-28 21:41:45,912",
            "thread_id": "7840",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7840"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 1,
            "id": 429
          },
          {
            "timestamp": "2026-05-28 21:41:45,928",
            "thread_id": "5348",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5348"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 19,
            "id": 430
          },
          {
            "timestamp": "2026-05-28 21:41:47,600",
            "thread_id": "7792",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7792"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 5,
            "id": 431
          },
          {
            "timestamp": "2026-05-28 21:42:03,600",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 432
          },
          {
            "timestamp": "2026-05-28 21:42:03,600",
            "thread_id": "5348",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5348"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 433
          },
          {
            "timestamp": "2026-05-28 21:42:03,600",
            "thread_id": "5348",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\taskschd"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc25e00000"
              }
            ],
            "repeated": 0,
            "id": 434
          },
          {
            "timestamp": "2026-05-28 21:42:03,615",
            "thread_id": "5348",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5348"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 435
          },
          {
            "timestamp": "2026-05-28 21:42:03,615",
            "thread_id": "5348",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\Secur32"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc1cba0000"
              }
            ],
            "repeated": 0,
            "id": 436
          },
          {
            "timestamp": "2026-05-28 21:42:11,709",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 1,
            "id": 437
          },
          {
            "timestamp": "2026-05-28 21:42:11,709",
            "thread_id": "5172",
            "caller": "0x7ffc2adac5f2",
            "parentcaller": "0x7ffc2ada9666",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00001554"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00001550"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --metrics-shmem-handle=5420,i,9293193041365869203,1552283600214825622,524288 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708994745248135 --mojo-platform-channel-handle=5452 /prefetch:8"
              },
              {
                "name": "DllPath",
                "value": ""
              },
              {
                "name": "ProcessId",
                "value": "12764"
              }
            ],
            "repeated": 0,
            "id": 438
          },
          {
            "timestamp": "2026-05-28 21:42:11,709",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 439
          },
          {
            "timestamp": "2026-05-28 21:42:11,725",
            "thread_id": "5172",
            "caller": "0x7ffc2adac5f2",
            "parentcaller": "0x7ffc2ada9666",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5172"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 440
          },
          {
            "timestamp": "2026-05-28 21:42:11,725",
            "thread_id": "5172",
            "caller": "0x7ffc2ada9666",
            "parentcaller": "0x7ffc2d00cec4",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": ""
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --metrics-shmem-handle=5420,i,9293193041365869203,1552283600214825622,524288 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708994745248135 --mojo-platform-channel-handle=5452 /prefetch:8"
              },
              {
                "name": "CreationFlags",
                "value": "0x00080000",
                "pretty_value": "EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "12764"
              },
              {
                "name": "ThreadId",
                "value": "12756"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x00001554"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00001550"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 441
          },
          {
            "timestamp": "2026-05-28 21:42:11,725",
            "thread_id": "5172",
            "caller": "0x7ffc2ada9666",
            "parentcaller": "0x7ffc2d00cec4",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5172"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 442
          },
          {
            "timestamp": "2026-05-28 21:42:11,756",
            "thread_id": "5172",
            "caller": "0x7ffc2adac5f2",
            "parentcaller": "0x7ffc2ada9666",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000be4"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00001538"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --metrics-shmem-handle=5444,i,10078564000181174557,9062345241240227149,524288 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708995682289984 --mojo-platform-channel-handle=5456 /prefetch:8"
              },
              {
                "name": "DllPath",
                "value": ""
              },
              {
                "name": "ProcessId",
                "value": "8160"
              }
            ],
            "repeated": 0,
            "id": 443
          },
          {
            "timestamp": "2026-05-28 21:42:11,756",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 444
          },
          {
            "timestamp": "2026-05-28 21:42:11,771",
            "thread_id": "5172",
            "caller": "0x7ffc2adac5f2",
            "parentcaller": "0x7ffc2ada9666",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5172"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 445
          },
          {
            "timestamp": "2026-05-28 21:42:11,771",
            "thread_id": "5172",
            "caller": "0x7ffc2ada9666",
            "parentcaller": "0x7ffc2d00cec4",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": ""
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --metrics-shmem-handle=5444,i,10078564000181174557,9062345241240227149,524288 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708995682289984 --mojo-platform-channel-handle=5456 /prefetch:8"
              },
              {
                "name": "CreationFlags",
                "value": "0x00080000",
                "pretty_value": "EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "8160"
              },
              {
                "name": "ThreadId",
                "value": "3092"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x00000be4"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00001538"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 446
          },
          {
            "timestamp": "2026-05-28 21:42:11,771",
            "thread_id": "5172",
            "caller": "0x7ffc2ada9666",
            "parentcaller": "0x7ffc2d00cec4",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5172"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 447
          },
          {
            "timestamp": "2026-05-28 21:42:11,818",
            "thread_id": "5172",
            "caller": "0x7ffc2adac5f2",
            "parentcaller": "0x7ffc2ada9666",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000158c"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00001580"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --metrics-shmem-handle=5472,i,12896046378289974589,11025856552623480385,524288 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708996619331833 --mojo-platform-channel-handle=5432 /prefetch:8"
              },
              {
                "name": "DllPath",
                "value": ""
              },
              {
                "name": "ProcessId",
                "value": "7824"
              }
            ],
            "repeated": 0,
            "id": 448
          },
          {
            "timestamp": "2026-05-28 21:42:11,818",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 449
          },
          {
            "timestamp": "2026-05-28 21:42:11,818",
            "thread_id": "5172",
            "caller": "0x7ffc2adac5f2",
            "parentcaller": "0x7ffc2ada9666",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5172"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 450
          },
          {
            "timestamp": "2026-05-28 21:42:11,834",
            "thread_id": "5172",
            "caller": "0x7ffc2ada9666",
            "parentcaller": "0x7ffc2d00cec4",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": ""
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --metrics-shmem-handle=5472,i,12896046378289974589,11025856552623480385,524288 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708996619331833 --mojo-platform-channel-handle=5432 /prefetch:8"
              },
              {
                "name": "CreationFlags",
                "value": "0x00080000",
                "pretty_value": "EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "7824"
              },
              {
                "name": "ThreadId",
                "value": "12672"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x0000158c"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00001580"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 451
          },
          {
            "timestamp": "2026-05-28 21:42:11,834",
            "thread_id": "5172",
            "caller": "0x7ffc2ada9666",
            "parentcaller": "0x7ffc2d00cec4",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5172"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 452
          },
          {
            "timestamp": "2026-05-28 21:42:11,865",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 453
          },
          {
            "timestamp": "2026-05-28 21:42:42,084",
            "thread_id": "7792",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7792"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 1,
            "id": 454
          },
          {
            "timestamp": "2026-05-28 21:43:41,709",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 1,
            "id": 455
          },
          {
            "timestamp": "2026-05-28 21:43:44,662",
            "thread_id": "5172",
            "caller": "0x7ffc2adac5f2",
            "parentcaller": "0x7ffc2ada9666",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000015a8"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00001594"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.3636 --gpu-preferences=SAAAAAAAAADoAAAEAAAAAAAAAAAAAGAAAQAAAAAAAAAAAAAAAAAAAEIAAAAAAAAAAAAAAAAAAAAQAAAAAAAAABAAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --metrics-shmem-handle=940,i,12374555509904114995,13274239554060129860,262144 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708997556373682 --mojo-platform-channel-handle=5404 /prefetch:8"
              },
              {
                "name": "DllPath",
                "value": ""
              },
              {
                "name": "ProcessId",
                "value": "13828"
              }
            ],
            "repeated": 0,
            "id": 456
          },
          {
            "timestamp": "2026-05-28 21:43:45,975",
            "thread_id": "5348",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5348"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 457
          },
          {
            "timestamp": "2026-05-28 21:43:46,006",
            "thread_id": "7840",
            "caller": "0x7ff78cd232c3",
            "parentcaller": "0x7ff78cd23041",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7840"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 458
          },
          {
            "timestamp": "2026-05-28 21:43:46,115",
            "thread_id": "5172",
            "caller": "0x7ffc2adac5f2",
            "parentcaller": "0x7ffc2ada9666",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5172"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 459
          },
          {
            "timestamp": "2026-05-28 21:43:47,068",
            "thread_id": "5172",
            "caller": "0x7ffc2ada9666",
            "parentcaller": "0x7ffc2d00cec4",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": ""
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.3636 --gpu-preferences=SAAAAAAAAADoAAAEAAAAAAAAAAAAAGAAAQAAAAAAAAAAAAAAAAAAAEIAAAAAAAAAAAAAAAAAAAAQAAAAAAAAABAAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --metrics-shmem-handle=940,i,12374555509904114995,13274239554060129860,262144 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708997556373682 --mojo-platform-channel-handle=5404 /prefetch:8"
              },
              {
                "name": "CreationFlags",
                "value": "0x00080000",
                "pretty_value": "EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "13828"
              },
              {
                "name": "ThreadId",
                "value": "10028"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x000015a8"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00001594"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 460
          },
          {
            "timestamp": "2026-05-28 21:43:47,068",
            "thread_id": "5172",
            "caller": "0x7ffc2ada9666",
            "parentcaller": "0x7ffc2d00cec4",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "5172"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 0,
            "id": 461
          },
          {
            "timestamp": "2026-05-28 21:43:47,506",
            "thread_id": "1884",
            "caller": "0x7ff78cd372af",
            "parentcaller": "0x7ff78ceda002",
            "category": "__notification__",
            "api": "syscall",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1884"
              },
              {
                "name": "Module",
                "value": "chrome_elf.dll"
              },
              {
                "name": "Function",
                "value": "NtMapViewOfSection"
              },
              {
                "name": "Return Address",
                "value": "0x7ffc136d0014"
              }
            ],
            "repeated": 1,
            "id": 462
          }
        ],
        "threads": [
          "1884",
          "1188",
          "5348",
          "428",
          "2144",
          "5172",
          "2236",
          "1880",
          "3928",
          "2164",
          "1464",
          "7840",
          "2224",
          "2988",
          "6992",
          "7792",
          "1964",
          "7616"
        ],
        "environ": {
          "UserName": "admin",
          "ComputerName": "JOHNS-PC",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Users\\admin\\AppData\\Local\\Temp\\",
          "CommandLine": "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" ",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "12bc-0026",
          "SystemVolumeGUID": "528c102f-0000-0000-0000-300300000000",
          "MachineGUID": "",
          "MainExeBase": "0x7ff78cd00000",
          "MainExeSize": "0x00421000",
          "Bitness": "64-bit"
        },
        "file_activities": {
          "read_files": [],
          "write_files": [],
          "delete_files": []
        }
      },
      {
        "process_id": 2208,
        "process_name": "msedge.exe",
        "parent_id": 4248,
        "module_path": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe",
        "first_seen": "2026-05-28 21:41:43,959",
        "calls": [
          {
            "timestamp": "2026-05-28 21:41:44,021",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\bcryptprimitives"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2b0c0000"
              }
            ],
            "repeated": 0,
            "id": 0
          },
          {
            "timestamp": "2026-05-28 21:41:44,021",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\version"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc19c80000"
              }
            ],
            "repeated": 0,
            "id": 1
          },
          {
            "timestamp": "2026-05-28 21:41:44,021",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\shcore"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2b150000"
              }
            ],
            "repeated": 0,
            "id": 2
          },
          {
            "timestamp": "2026-05-28 21:41:44,021",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\shcore"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2b150000"
              }
            ],
            "repeated": 0,
            "id": 3
          },
          {
            "timestamp": "2026-05-28 21:41:44,021",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\Wldp"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a140000"
              }
            ],
            "repeated": 0,
            "id": 4
          },
          {
            "timestamp": "2026-05-28 21:41:44,021",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\windows.storage"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc288b0000"
              }
            ],
            "repeated": 0,
            "id": 5
          },
          {
            "timestamp": "2026-05-28 21:41:44,021",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\SHCORE"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2b150000"
              }
            ],
            "repeated": 0,
            "id": 6
          },
          {
            "timestamp": "2026-05-28 21:41:44,021",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\ntmarta"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc298f0000"
              }
            ],
            "repeated": 0,
            "id": 7
          },
          {
            "timestamp": "2026-05-28 21:41:44,068",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\WINMM"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc15250000"
              }
            ],
            "repeated": 0,
            "id": 8
          },
          {
            "timestamp": "2026-05-28 21:41:44,068",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\msedge"
              },
              {
                "name": "DllBase",
                "value": "0x7ffbbe9a0000"
              }
            ],
            "repeated": 0,
            "id": 9
          },
          {
            "timestamp": "2026-05-28 21:41:44,068",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\KBDUS"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc17fd0000"
              }
            ],
            "repeated": 0,
            "id": 10
          },
          {
            "timestamp": "2026-05-28 21:41:44,068",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\KBDUS"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc17fd0000"
              }
            ],
            "repeated": 0,
            "id": 11
          },
          {
            "timestamp": "2026-05-28 21:41:44,068",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\uxtheme"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc28160000"
              }
            ],
            "repeated": 0,
            "id": 12
          },
          {
            "timestamp": "2026-05-28 21:41:44,068",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\kernel.appcore"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc286b0000"
              }
            ],
            "repeated": 0,
            "id": 13
          },
          {
            "timestamp": "2026-05-28 21:41:44,068",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\clbcatq"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2c9c0000"
              }
            ],
            "repeated": 0,
            "id": 14
          },
          {
            "timestamp": "2026-05-28 21:41:44,068",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\Windows.System.Profile.PlatformDiagnosticsAndUsageDataSettings"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc20250000"
              }
            ],
            "repeated": 0,
            "id": 15
          },
          {
            "timestamp": "2026-05-28 21:41:44,068",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\msvcp110_win"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc29860000"
              }
            ],
            "repeated": 0,
            "id": 16
          },
          {
            "timestamp": "2026-05-28 21:41:44,068",
            "thread_id": "10156",
            "caller": "0x7ffc2adac5f2",
            "parentcaller": "0x7ffc2ada89f3",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000003ac"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000003a8"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=crashpad-handler \"--user-data-dir=C:\\Users\\admin\\AppData\\Local\\Microsoft\\Edge\\User Data\" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler \"--database=C:\\Users\\admin\\AppData\\Local\\Microsoft\\Edge\\User Data\\Crashpad\" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=148.0.7778.180 \"--annotation=exe=C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=148.0.3967.83 --initial-client-data=0x348,0x34c,0x350,0x344,0x358,0x7ffbd24e5d58,0x7ffbd24e5d64,0x7ffbd24e5d70"
              },
              {
                "name": "DllPath",
                "value": ""
              },
              {
                "name": "ProcessId",
                "value": "10176"
              }
            ],
            "repeated": 0,
            "id": 17
          },
          {
            "timestamp": "2026-05-28 21:41:44,068",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\policymanager"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc23b90000"
              }
            ],
            "repeated": 0,
            "id": 18
          },
          {
            "timestamp": "2026-05-28 21:41:44,084",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\policymanager"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc23b90000"
              }
            ],
            "repeated": 0,
            "id": 19
          },
          {
            "timestamp": "2026-05-28 21:41:44,084",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\msvcp110_win"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc29860000"
              }
            ],
            "repeated": 0,
            "id": 20
          },
          {
            "timestamp": "2026-05-28 21:41:44,084",
            "thread_id": "10156",
            "caller": "0x7ffc2ada89f3",
            "parentcaller": "0x7ffc2cee7d70",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=crashpad-handler \"--user-data-dir=C:\\Users\\admin\\AppData\\Local\\Microsoft\\Edge\\User Data\" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler \"--database=C:\\Users\\admin\\AppData\\Local\\Microsoft\\Edge\\User Data\\Crashpad\" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=148.0.7778.180 \"--annotation=exe=C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=148.0.3967.83 --initial-client-data=0x348,0x34c,0x350,0x344,0x358,0x7ffbd24e5d58,0x7ffbd24e5d64,0x7ffbd24e5d70"
              },
              {
                "name": "CreationFlags",
                "value": "0x00080000",
                "pretty_value": "EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "10176"
              },
              {
                "name": "ThreadId",
                "value": "10180"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x000003ac"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000003a8"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 21
          },
          {
            "timestamp": "2026-05-28 21:41:44,084",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\USERENV"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a6c0000"
              }
            ],
            "repeated": 0,
            "id": 22
          },
          {
            "timestamp": "2026-05-28 21:41:44,084",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\gpapi"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc29060000"
              }
            ],
            "repeated": 0,
            "id": 23
          },
          {
            "timestamp": "2026-05-28 21:41:44,084",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\wkscli"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc29930000"
              }
            ],
            "repeated": 0,
            "id": 24
          },
          {
            "timestamp": "2026-05-28 21:41:44,084",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\netutils"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc29ca0000"
              }
            ],
            "repeated": 0,
            "id": 25
          },
          {
            "timestamp": "2026-05-28 21:41:44,084",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\msvcp110_win"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc29860000"
              }
            ],
            "repeated": 0,
            "id": 26
          },
          {
            "timestamp": "2026-05-28 21:41:44,084",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\MDMRegistration"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc17910000"
              }
            ],
            "repeated": 0,
            "id": 27
          },
          {
            "timestamp": "2026-05-28 21:41:44,084",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\powrprof"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a630000"
              }
            ],
            "repeated": 0,
            "id": 28
          },
          {
            "timestamp": "2026-05-28 21:41:44,084",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\CRYPTSP"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a090000"
              }
            ],
            "repeated": 0,
            "id": 29
          },
          {
            "timestamp": "2026-05-28 21:41:44,084",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\ncrypt"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a1b0000"
              }
            ],
            "repeated": 0,
            "id": 30
          },
          {
            "timestamp": "2026-05-28 21:41:44,084",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\imagehlp"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2b260000"
              }
            ],
            "repeated": 0,
            "id": 31
          },
          {
            "timestamp": "2026-05-28 21:41:44,084",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\tbs"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc236c0000"
              }
            ],
            "repeated": 0,
            "id": 32
          },
          {
            "timestamp": "2026-05-28 21:41:44,084",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\DMCmnUtils"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc1af70000"
              }
            ],
            "repeated": 0,
            "id": 33
          },
          {
            "timestamp": "2026-05-28 21:41:44,084",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\omadmapi"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc15500000"
              }
            ],
            "repeated": 0,
            "id": 34
          },
          {
            "timestamp": "2026-05-28 21:41:44,084",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\UMPDC"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a560000"
              }
            ],
            "repeated": 0,
            "id": 35
          },
          {
            "timestamp": "2026-05-28 21:41:44,084",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\NTASN1"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a170000"
              }
            ],
            "repeated": 0,
            "id": 36
          },
          {
            "timestamp": "2026-05-28 21:41:44,100",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\MDMRegistration"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc17910000"
              }
            ],
            "repeated": 0,
            "id": 37
          },
          {
            "timestamp": "2026-05-28 21:41:44,100",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\omadmapi"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc15500000"
              }
            ],
            "repeated": 0,
            "id": 38
          },
          {
            "timestamp": "2026-05-28 21:41:44,100",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\msvcp110_win"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc29860000"
              }
            ],
            "repeated": 0,
            "id": 39
          },
          {
            "timestamp": "2026-05-28 21:41:44,100",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\powrprof"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a630000"
              }
            ],
            "repeated": 0,
            "id": 40
          },
          {
            "timestamp": "2026-05-28 21:41:44,100",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\UMPDC"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a560000"
              }
            ],
            "repeated": 0,
            "id": 41
          },
          {
            "timestamp": "2026-05-28 21:41:44,100",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\DMCmnUtils"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc1af70000"
              }
            ],
            "repeated": 0,
            "id": 42
          },
          {
            "timestamp": "2026-05-28 21:41:44,100",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\CRYPTSP"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a090000"
              }
            ],
            "repeated": 0,
            "id": 43
          },
          {
            "timestamp": "2026-05-28 21:41:44,100",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\ncrypt"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a1b0000"
              }
            ],
            "repeated": 0,
            "id": 44
          },
          {
            "timestamp": "2026-05-28 21:41:44,100",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\NTASN1"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a170000"
              }
            ],
            "repeated": 0,
            "id": 45
          },
          {
            "timestamp": "2026-05-28 21:41:44,100",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\tbs"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc236c0000"
              }
            ],
            "repeated": 0,
            "id": 46
          },
          {
            "timestamp": "2026-05-28 21:41:44,100",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\imagehlp"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2b260000"
              }
            ],
            "repeated": 0,
            "id": 47
          },
          {
            "timestamp": "2026-05-28 21:41:44,100",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\netapi32"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc17770000"
              }
            ],
            "repeated": 0,
            "id": 48
          },
          {
            "timestamp": "2026-05-28 21:41:44,100",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\msvcp110_win"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc29860000"
              }
            ],
            "repeated": 0,
            "id": 49
          },
          {
            "timestamp": "2026-05-28 21:41:44,100",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\cryptsp"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a090000"
              }
            ],
            "repeated": 0,
            "id": 50
          },
          {
            "timestamp": "2026-05-28 21:41:44,100",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\DSREG"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc27830000"
              }
            ],
            "repeated": 0,
            "id": 51
          },
          {
            "timestamp": "2026-05-28 21:41:44,100",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\profapi"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a700000"
              }
            ],
            "repeated": 0,
            "id": 52
          },
          {
            "timestamp": "2026-05-28 21:41:44,100",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\netapi32"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc17770000"
              }
            ],
            "repeated": 0,
            "id": 53
          },
          {
            "timestamp": "2026-05-28 21:41:44,100",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\DSREG"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc27830000"
              }
            ],
            "repeated": 0,
            "id": 54
          },
          {
            "timestamp": "2026-05-28 21:41:44,100",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\msvcp110_win"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc29860000"
              }
            ],
            "repeated": 0,
            "id": 55
          },
          {
            "timestamp": "2026-05-28 21:41:44,100",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\cryptsp"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a090000"
              }
            ],
            "repeated": 0,
            "id": 56
          },
          {
            "timestamp": "2026-05-28 21:41:44,100",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\MSCTF"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2b280000"
              }
            ],
            "repeated": 0,
            "id": 57
          },
          {
            "timestamp": "2026-05-28 21:41:44,100",
            "thread_id": "10328",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\AssignedAccessRuntime"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc20230000"
              }
            ],
            "repeated": 0,
            "id": 58
          },
          {
            "timestamp": "2026-05-28 21:41:44,100",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\powrprof"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a630000"
              }
            ],
            "repeated": 0,
            "id": 59
          },
          {
            "timestamp": "2026-05-28 21:41:44,100",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\UMPDC"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a560000"
              }
            ],
            "repeated": 0,
            "id": 60
          },
          {
            "timestamp": "2026-05-28 21:41:44,115",
            "thread_id": "10328",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\SystemSettings.DataModel"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc21b30000"
              }
            ],
            "repeated": 0,
            "id": 61
          },
          {
            "timestamp": "2026-05-28 21:41:44,115",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\DWrite"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc1e180000"
              }
            ],
            "repeated": 0,
            "id": 62
          },
          {
            "timestamp": "2026-05-28 21:41:44,115",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.3636_none_60b6a03d71f818d5\\COMCTL32"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc171f0000"
              }
            ],
            "repeated": 0,
            "id": 63
          },
          {
            "timestamp": "2026-05-28 21:41:44,115",
            "thread_id": "10388",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc24d40000"
              }
            ],
            "repeated": 0,
            "id": 64
          },
          {
            "timestamp": "2026-05-28 21:41:44,115",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\DPAPI"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a4f0000"
              }
            ],
            "repeated": 0,
            "id": 65
          },
          {
            "timestamp": "2026-05-28 21:41:44,115",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\IPHLPAPI"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc29b90000"
              }
            ],
            "repeated": 0,
            "id": 66
          },
          {
            "timestamp": "2026-05-28 21:41:44,115",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\NLAapi"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc26180000"
              }
            ],
            "repeated": 0,
            "id": 67
          },
          {
            "timestamp": "2026-05-28 21:41:44,115",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\NSI"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2c7b0000"
              }
            ],
            "repeated": 0,
            "id": 68
          },
          {
            "timestamp": "2026-05-28 21:41:44,115",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\dhcpcsvc6"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc232d0000"
              }
            ],
            "repeated": 0,
            "id": 69
          },
          {
            "timestamp": "2026-05-28 21:41:44,115",
            "thread_id": "10412",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\StructuredQuery"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc216e0000"
              }
            ],
            "repeated": 0,
            "id": 70
          },
          {
            "timestamp": "2026-05-28 21:41:44,115",
            "thread_id": "10380",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\CFGMGR32"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2acd0000"
              }
            ],
            "repeated": 0,
            "id": 71
          },
          {
            "timestamp": "2026-05-28 21:41:44,115",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\dhcpcsvc"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc232b0000"
              }
            ],
            "repeated": 0,
            "id": 72
          },
          {
            "timestamp": "2026-05-28 21:41:44,115",
            "thread_id": "10412",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\PROPSYS"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc27140000"
              }
            ],
            "repeated": 0,
            "id": 73
          },
          {
            "timestamp": "2026-05-28 21:41:44,131",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\DNSAPI"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc29bd0000"
              }
            ],
            "repeated": 0,
            "id": 74
          },
          {
            "timestamp": "2026-05-28 21:41:44,131",
            "thread_id": "10456",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\Windows.StateRepositoryPS"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc1beb0000"
              }
            ],
            "repeated": 0,
            "id": 75
          },
          {
            "timestamp": "2026-05-28 21:41:44,131",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\CoreMessaging"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc27dc0000"
              }
            ],
            "repeated": 0,
            "id": 76
          },
          {
            "timestamp": "2026-05-28 21:41:44,131",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\wintypes"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc26fe0000"
              }
            ],
            "repeated": 0,
            "id": 77
          },
          {
            "timestamp": "2026-05-28 21:41:44,131",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\CoreUIComponents"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc27980000"
              }
            ],
            "repeated": 0,
            "id": 78
          },
          {
            "timestamp": "2026-05-28 21:41:44,131",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\textinputframework"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc1fa90000"
              }
            ],
            "repeated": 0,
            "id": 79
          },
          {
            "timestamp": "2026-05-28 21:41:44,131",
            "thread_id": "10412",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\Windows.Storage.Search"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc1bcf0000"
              }
            ],
            "repeated": 0,
            "id": 80
          },
          {
            "timestamp": "2026-05-28 21:41:44,131",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\twinapi.appcore"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc25980000"
              }
            ],
            "repeated": 0,
            "id": 81
          },
          {
            "timestamp": "2026-05-28 21:41:44,131",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\twinapi"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc17530000"
              }
            ],
            "repeated": 0,
            "id": 82
          },
          {
            "timestamp": "2026-05-28 21:41:44,131",
            "thread_id": "10456",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\mssprxy"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc1ad10000"
              }
            ],
            "repeated": 0,
            "id": 83
          },
          {
            "timestamp": "2026-05-28 21:41:44,146",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\WindowManagementAPI"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc25b90000"
              }
            ],
            "repeated": 0,
            "id": 84
          },
          {
            "timestamp": "2026-05-28 21:41:44,146",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\InputHost"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc1f650000"
              }
            ],
            "repeated": 0,
            "id": 85
          },
          {
            "timestamp": "2026-05-28 21:41:44,146",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\Windows.UI"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc1fb90000"
              }
            ],
            "repeated": 0,
            "id": 86
          },
          {
            "timestamp": "2026-05-28 21:41:44,146",
            "thread_id": "10388",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\edputil"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc1ace0000"
              }
            ],
            "repeated": 0,
            "id": 87
          },
          {
            "timestamp": "2026-05-28 21:41:44,146",
            "thread_id": "10468",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\WTSAPI32"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc27460000"
              }
            ],
            "repeated": 0,
            "id": 88
          },
          {
            "timestamp": "2026-05-28 21:41:44,146",
            "thread_id": "10468",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\WINSTA"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a500000"
              }
            ],
            "repeated": 0,
            "id": 89
          },
          {
            "timestamp": "2026-05-28 21:41:44,162",
            "thread_id": "10328",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\iertutil"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc20c50000"
              }
            ],
            "repeated": 0,
            "id": 90
          },
          {
            "timestamp": "2026-05-28 21:41:44,162",
            "thread_id": "10328",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\Windows.Web"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc1ac10000"
              }
            ],
            "repeated": 0,
            "id": 91
          },
          {
            "timestamp": "2026-05-28 21:41:44,162",
            "thread_id": "10336",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\oneauth"
              },
              {
                "name": "DllBase",
                "value": "0x7ffbbe3d0000"
              }
            ],
            "repeated": 0,
            "id": 92
          },
          {
            "timestamp": "2026-05-28 21:41:44,162",
            "thread_id": "10336",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\Secur32"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc1cba0000"
              }
            ],
            "repeated": 0,
            "id": 93
          },
          {
            "timestamp": "2026-05-28 21:41:44,162",
            "thread_id": "10372",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\WINHTTP"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc22a50000"
              }
            ],
            "repeated": 0,
            "id": 94
          },
          {
            "timestamp": "2026-05-28 21:41:44,162",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\Windows.UI.Immersive"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc1e400000"
              }
            ],
            "repeated": 0,
            "id": 95
          },
          {
            "timestamp": "2026-05-28 21:41:44,162",
            "thread_id": "10328",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\ColorAdapterClient"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc257d0000"
              }
            ],
            "repeated": 0,
            "id": 96
          },
          {
            "timestamp": "2026-05-28 21:41:44,162",
            "thread_id": "10328",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\mscms"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc257f0000"
              }
            ],
            "repeated": 0,
            "id": 97
          },
          {
            "timestamp": "2026-05-28 21:41:44,178",
            "thread_id": "10328",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\LINKINFO"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc1be00000"
              }
            ],
            "repeated": 0,
            "id": 98
          },
          {
            "timestamp": "2026-05-28 21:41:44,193",
            "thread_id": "10564",
            "caller": "0x7ffc2adac5f2",
            "parentcaller": "0x7ffc2ada9666",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000b78"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000b74"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --startup-read-main-dll --metrics-shmem-handle=2224,i,3377350390963965430,16709463295489959638,524288 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708989122997041 --mojo-platform-channel-handle=2924 /prefetch:3"
              },
              {
                "name": "DllPath",
                "value": ""
              },
              {
                "name": "ProcessId",
                "value": "10688"
              }
            ],
            "repeated": 0,
            "id": 99
          },
          {
            "timestamp": "2026-05-28 21:41:44,225",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\dxgi"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc29090000"
              }
            ],
            "repeated": 0,
            "id": 100
          },
          {
            "timestamp": "2026-05-28 21:41:44,225",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\d3d11"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc26d70000"
              }
            ],
            "repeated": 0,
            "id": 101
          },
          {
            "timestamp": "2026-05-28 21:41:44,225",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\dcomp"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc27240000"
              }
            ],
            "repeated": 0,
            "id": 102
          },
          {
            "timestamp": "2026-05-28 21:41:44,240",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\dataexchange"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc14fc0000"
              }
            ],
            "repeated": 0,
            "id": 103
          },
          {
            "timestamp": "2026-05-28 21:41:44,240",
            "thread_id": "10564",
            "caller": "0x7ffc2ada9666",
            "parentcaller": "0x7ffc2d00cec4",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": ""
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --startup-read-main-dll --metrics-shmem-handle=2224,i,3377350390963965430,16709463295489959638,524288 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708989122997041 --mojo-platform-channel-handle=2924 /prefetch:3"
              },
              {
                "name": "CreationFlags",
                "value": "0x00080000",
                "pretty_value": "EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "10688"
              },
              {
                "name": "ThreadId",
                "value": "10692"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x00000b78"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000b74"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 104
          },
          {
            "timestamp": "2026-05-28 21:41:44,240",
            "thread_id": "10328",
            "caller": "0x7ff7b5ff7d66",
            "parentcaller": "0x7ff7b5ff81c2",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000c28"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000c1c"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --startup-read-main-dll --metrics-shmem-handle=2632,i,2188067933038035117,14075627089191504876,524288 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708990060038890 --mojo-platform-channel-handle=2932 /prefetch:8"
              },
              {
                "name": "DllPath",
                "value": ""
              },
              {
                "name": "ProcessId",
                "value": "10748"
              }
            ],
            "repeated": 0,
            "id": 105
          },
          {
            "timestamp": "2026-05-28 21:41:44,240",
            "thread_id": "10320",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\sxs"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a580000"
              }
            ],
            "repeated": 0,
            "id": 106
          },
          {
            "timestamp": "2026-05-28 21:41:44,240",
            "thread_id": "10372",
            "caller": "0x7ff7b5ff7d66",
            "parentcaller": "0x7ff7b5ff81c2",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000c6c"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000bb0"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=gpu-process --gpu-preferences=SAAAAAAAAADgAAAEAAAAAAAAAAAAAGAAAQAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAQAAAAAAAAABAAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --startup-read-main-dll --metrics-shmem-handle=2084,i,6134085735445746800,11295493968892064137,262144 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708988185955192 --mojo-platform-channel-handle=2360 /prefetch:2"
              },
              {
                "name": "DllPath",
                "value": ""
              },
              {
                "name": "ProcessId",
                "value": "10760"
              }
            ],
            "repeated": 0,
            "id": 107
          },
          {
            "timestamp": "2026-05-28 21:41:44,271",
            "thread_id": "10544",
            "caller": "0x7ff7b5ff7d66",
            "parentcaller": "0x7ff7b5ff81c2",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000dc8"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000dc4"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=renderer --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale=en_AU --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --time-ticks-at-unix-epoch=-1780003962331980 --launch-time-ticks=541939531 --ram-no-pressure-read-main-dll --metrics-shmem-handle=3348,i,11950763115237329230,10523231392815793482,2097152 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708991934122588 --mojo-platform-channel-handle=3392 /prefetch:1"
              },
              {
                "name": "DllPath",
                "value": ""
              },
              {
                "name": "ProcessId",
                "value": "10828"
              }
            ],
            "repeated": 0,
            "id": 108
          },
          {
            "timestamp": "2026-05-28 21:41:44,271",
            "thread_id": "10536",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\Windows.System.Profile.RetailInfo"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc17950000"
              }
            ],
            "repeated": 0,
            "id": 109
          },
          {
            "timestamp": "2026-05-28 21:41:44,271",
            "thread_id": "10548",
            "caller": "0x7ff7b5ff7d66",
            "parentcaller": "0x7ff7b5ff81c2",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000de4"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000dac"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=renderer --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale=en_AU --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --time-ticks-at-unix-epoch=-1780003962331980 --launch-time-ticks=541940694 --skip-read-main-dll --metrics-shmem-handle=3356,i,5647178414097470528,8114435118095730626,2097152 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708990997080739 --mojo-platform-channel-handle=3396 /prefetch:1"
              },
              {
                "name": "DllPath",
                "value": ""
              },
              {
                "name": "ProcessId",
                "value": "10836"
              }
            ],
            "repeated": 0,
            "id": 110
          },
          {
            "timestamp": "2026-05-28 21:41:44,287",
            "thread_id": "10328",
            "caller": "0x7ff7b5ff7d66",
            "parentcaller": "0x7ff7b5ff81c2",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --startup-read-main-dll --metrics-shmem-handle=2632,i,2188067933038035117,14075627089191504876,524288 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708990060038890 --mojo-platform-channel-handle=2932 /prefetch:8"
              },
              {
                "name": "CreationFlags",
                "value": "0x0008040c",
                "pretty_value": "CREATE_SUSPENDED|DETACHED_PROCESS|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "10748"
              },
              {
                "name": "ThreadId",
                "value": "10752"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x00000c28"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000c1c"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 111
          },
          {
            "timestamp": "2026-05-28 21:41:44,287",
            "thread_id": "10544",
            "caller": "0x7ff7b5ff7d66",
            "parentcaller": "0x7ff7b5ff81c2",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=renderer --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale=en_AU --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --time-ticks-at-unix-epoch=-1780003962331980 --launch-time-ticks=541939531 --ram-no-pressure-read-main-dll --metrics-shmem-handle=3348,i,11950763115237329230,10523231392815793482,2097152 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708991934122588 --mojo-platform-channel-handle=3392 /prefetch:1"
              },
              {
                "name": "CreationFlags",
                "value": "0x0008040c",
                "pretty_value": "CREATE_SUSPENDED|DETACHED_PROCESS|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "10828"
              },
              {
                "name": "ThreadId",
                "value": "10832"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x00000dc8"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000dc4"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 112
          },
          {
            "timestamp": "2026-05-28 21:41:44,287",
            "thread_id": "10372",
            "caller": "0x7ff7b5ff7d66",
            "parentcaller": "0x7ff7b5ff81c2",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=gpu-process --gpu-preferences=SAAAAAAAAADgAAAEAAAAAAAAAAAAAGAAAQAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAQAAAAAAAAABAAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --startup-read-main-dll --metrics-shmem-handle=2084,i,6134085735445746800,11295493968892064137,262144 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708988185955192 --mojo-platform-channel-handle=2360 /prefetch:2"
              },
              {
                "name": "CreationFlags",
                "value": "0x0008040c",
                "pretty_value": "CREATE_SUSPENDED|DETACHED_PROCESS|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "10760"
              },
              {
                "name": "ThreadId",
                "value": "10764"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x00000c6c"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000bb0"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 113
          },
          {
            "timestamp": "2026-05-28 21:41:44,287",
            "thread_id": "10548",
            "caller": "0x7ff7b5ff7d66",
            "parentcaller": "0x7ff7b5ff81c2",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=renderer --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale=en_AU --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --time-ticks-at-unix-epoch=-1780003962331980 --launch-time-ticks=541940694 --skip-read-main-dll --metrics-shmem-handle=3356,i,5647178414097470528,8114435118095730626,2097152 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708990997080739 --mojo-platform-channel-handle=3396 /prefetch:1"
              },
              {
                "name": "CreationFlags",
                "value": "0x0008040c",
                "pretty_value": "CREATE_SUSPENDED|DETACHED_PROCESS|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "10836"
              },
              {
                "name": "ThreadId",
                "value": "10840"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x00000de4"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000dac"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 114
          },
          {
            "timestamp": "2026-05-28 21:41:44,287",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\OLEACC"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc15030000"
              }
            ],
            "repeated": 0,
            "id": 115
          },
          {
            "timestamp": "2026-05-28 21:41:44,303",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\directmanipulation"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc1d050000"
              }
            ],
            "repeated": 0,
            "id": 116
          },
          {
            "timestamp": "2026-05-28 21:41:44,350",
            "thread_id": "10320",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\usermgrcli"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc25960000"
              }
            ],
            "repeated": 0,
            "id": 117
          },
          {
            "timestamp": "2026-05-28 21:41:44,365",
            "thread_id": "10320",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\Windows.Internal.UI.Shell.WindowTabManager"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc12ab0000"
              }
            ],
            "repeated": 0,
            "id": 118
          },
          {
            "timestamp": "2026-05-28 21:41:44,381",
            "thread_id": "10320",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\dwmapi"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc283c0000"
              }
            ],
            "repeated": 0,
            "id": 119
          },
          {
            "timestamp": "2026-05-28 21:41:44,443",
            "thread_id": "11160",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.Web.Core"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc198a0000"
              }
            ],
            "repeated": 0,
            "id": 120
          },
          {
            "timestamp": "2026-05-28 21:41:44,553",
            "thread_id": "10336",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\MSASN1"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a2d0000"
              }
            ],
            "repeated": 0,
            "id": 121
          },
          {
            "timestamp": "2026-05-28 21:41:44,568",
            "thread_id": "10556",
            "caller": "0x7ff7b5ff7d66",
            "parentcaller": "0x7ff7b5ff81c2",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000ff0"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000fec"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=renderer --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale=en_AU --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --time-ticks-at-unix-epoch=-1780003962331980 --launch-time-ticks=542200817 --skip-read-main-dll --metrics-shmem-handle=4836,i,2071220740876779182,5632563938745608015,2097152 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708992871164437 --mojo-platform-channel-handle=4820 /prefetch:1"
              },
              {
                "name": "DllPath",
                "value": ""
              },
              {
                "name": "ProcessId",
                "value": "11252"
              }
            ],
            "repeated": 0,
            "id": 122
          },
          {
            "timestamp": "2026-05-28 21:41:44,600",
            "thread_id": "10448",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\OneCoreCommonProxyStub"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc1c0a0000"
              }
            ],
            "repeated": 0,
            "id": 123
          },
          {
            "timestamp": "2026-05-28 21:41:44,631",
            "thread_id": "10536",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Edge\\User Data\\Well Known Domains\\1.2.0.0\\well_known_domains"
              },
              {
                "name": "DllBase",
                "value": "0x7ffbed5f0000"
              }
            ],
            "repeated": 0,
            "id": 124
          },
          {
            "timestamp": "2026-05-28 21:41:44,631",
            "thread_id": "10556",
            "caller": "0x7ff7b5ff7d66",
            "parentcaller": "0x7ff7b5ff81c2",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=renderer --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale=en_AU --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --time-ticks-at-unix-epoch=-1780003962331980 --launch-time-ticks=542200817 --skip-read-main-dll --metrics-shmem-handle=4836,i,2071220740876779182,5632563938745608015,2097152 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708992871164437 --mojo-platform-channel-handle=4820 /prefetch:1"
              },
              {
                "name": "CreationFlags",
                "value": "0x0008040c",
                "pretty_value": "CREATE_SUSPENDED|DETACHED_PROCESS|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "11252"
              },
              {
                "name": "ThreadId",
                "value": "11256"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x00000ff0"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000fec"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 125
          },
          {
            "timestamp": "2026-05-28 21:41:44,646",
            "thread_id": "10336",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\CRYPTSP"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a090000"
              }
            ],
            "repeated": 0,
            "id": 126
          },
          {
            "timestamp": "2026-05-28 21:41:44,646",
            "thread_id": "10448",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\vaultcli"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc1cfe0000"
              }
            ],
            "repeated": 0,
            "id": 127
          },
          {
            "timestamp": "2026-05-28 21:41:44,646",
            "thread_id": "10336",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\rsaenh"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc297d0000"
              }
            ],
            "repeated": 0,
            "id": 128
          },
          {
            "timestamp": "2026-05-28 21:41:44,662",
            "thread_id": "10380",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\aadWamExtension"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc17910000"
              }
            ],
            "repeated": 0,
            "id": 129
          },
          {
            "timestamp": "2026-05-28 21:41:44,678",
            "thread_id": "10448",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\MicrosoftAccountWAMExtension"
              },
              {
                "name": "DllBase",
                "value": "0x7ffbed560000"
              }
            ],
            "repeated": 0,
            "id": 130
          },
          {
            "timestamp": "2026-05-28 21:41:45,584",
            "thread_id": "10328",
            "caller": "0x7ff7b5ff7d66",
            "parentcaller": "0x7ff7b5ff81c2",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000fd0"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000cf4"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=renderer --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale=en_AU --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --time-ticks-at-unix-epoch=-1780003962331980 --launch-time-ticks=543231074 --skip-read-main-dll --metrics-shmem-handle=4484,i,14410762605053120473,13433378547220591745,2097152 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708993808206286 --mojo-platform-channel-handle=4024 /prefetch:1"
              },
              {
                "name": "DllPath",
                "value": ""
              },
              {
                "name": "ProcessId",
                "value": "11928"
              }
            ],
            "repeated": 0,
            "id": 131
          },
          {
            "timestamp": "2026-05-28 21:41:45,584",
            "thread_id": "10372",
            "caller": "0x7ff7b5ff7d66",
            "parentcaller": "0x7ff7b5ff81c2",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000f98"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000fa4"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --skip-read-main-dll --metrics-shmem-handle=4492,i,4020092805845306063,10328045033888351831,524288 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708994745248135 --mojo-platform-channel-handle=4476 /prefetch:8"
              },
              {
                "name": "DllPath",
                "value": ""
              },
              {
                "name": "ProcessId",
                "value": "11940"
              }
            ],
            "repeated": 0,
            "id": 132
          },
          {
            "timestamp": "2026-05-28 21:41:45,584",
            "thread_id": "10328",
            "caller": "0x7ff7b5ff7d66",
            "parentcaller": "0x7ff7b5ff81c2",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=renderer --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale=en_AU --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --time-ticks-at-unix-epoch=-1780003962331980 --launch-time-ticks=543231074 --skip-read-main-dll --metrics-shmem-handle=4484,i,14410762605053120473,13433378547220591745,2097152 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708993808206286 --mojo-platform-channel-handle=4024 /prefetch:1"
              },
              {
                "name": "CreationFlags",
                "value": "0x0008040c",
                "pretty_value": "CREATE_SUSPENDED|DETACHED_PROCESS|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "11928"
              },
              {
                "name": "ThreadId",
                "value": "11932"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x00000fd0"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000cf4"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 133
          },
          {
            "timestamp": "2026-05-28 21:41:45,584",
            "thread_id": "10372",
            "caller": "0x7ff7b5ff7d66",
            "parentcaller": "0x7ff7b5ff81c2",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --skip-read-main-dll --metrics-shmem-handle=4492,i,4020092805845306063,10328045033888351831,524288 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708994745248135 --mojo-platform-channel-handle=4476 /prefetch:8"
              },
              {
                "name": "CreationFlags",
                "value": "0x0008040c",
                "pretty_value": "CREATE_SUSPENDED|DETACHED_PROCESS|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "11940"
              },
              {
                "name": "ThreadId",
                "value": "11944"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x00000f98"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000fa4"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 134
          },
          {
            "timestamp": "2026-05-28 21:41:45,600",
            "thread_id": "10464",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\netprofm"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc24c20000"
              }
            ],
            "repeated": 0,
            "id": 135
          },
          {
            "timestamp": "2026-05-28 21:41:45,631",
            "thread_id": "10780",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\telclient"
              },
              {
                "name": "DllBase",
                "value": "0x7ffbb9dc0000"
              }
            ],
            "repeated": 0,
            "id": 136
          },
          {
            "timestamp": "2026-05-28 21:41:45,662",
            "thread_id": "10332",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\SETUPAPI"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2c0d0000"
              }
            ],
            "repeated": 0,
            "id": 137
          },
          {
            "timestamp": "2026-05-28 21:41:45,662",
            "thread_id": "10464",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\npmproxy"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc225b0000"
              }
            ],
            "repeated": 0,
            "id": 138
          },
          {
            "timestamp": "2026-05-28 21:41:45,662",
            "thread_id": "10780",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\oneds"
              },
              {
                "name": "DllBase",
                "value": "0x7ffbb9a80000"
              }
            ],
            "repeated": 0,
            "id": 139
          },
          {
            "timestamp": "2026-05-28 21:41:45,662",
            "thread_id": "10332",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\DEVOBJ"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a490000"
              }
            ],
            "repeated": 0,
            "id": 140
          },
          {
            "timestamp": "2026-05-28 21:41:45,662",
            "thread_id": "10332",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\WINTRUST"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2b050000"
              }
            ],
            "repeated": 0,
            "id": 141
          },
          {
            "timestamp": "2026-05-28 21:41:45,678",
            "thread_id": "10464",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\FirewallAPI"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc293f0000"
              }
            ],
            "repeated": 0,
            "id": 142
          },
          {
            "timestamp": "2026-05-28 21:41:45,678",
            "thread_id": "10464",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\fwbase"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc293b0000"
              }
            ],
            "repeated": 0,
            "id": 143
          },
          {
            "timestamp": "2026-05-28 21:41:45,678",
            "thread_id": "10464",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\microsoft_shell_integration"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc11d50000"
              }
            ],
            "repeated": 0,
            "id": 144
          },
          {
            "timestamp": "2026-05-28 21:41:45,693",
            "thread_id": "10352",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\ffmpeg"
              },
              {
                "name": "DllBase",
                "value": "0x7ffbbcbd0000"
              }
            ],
            "repeated": 0,
            "id": 145
          },
          {
            "timestamp": "2026-05-28 21:41:45,693",
            "thread_id": "10464",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\RMCLIENT"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc284d0000"
              }
            ],
            "repeated": 0,
            "id": 146
          },
          {
            "timestamp": "2026-05-28 21:41:45,693",
            "thread_id": "10464",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\XmlLite"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc26310000"
              }
            ],
            "repeated": 0,
            "id": 147
          },
          {
            "timestamp": "2026-05-28 21:41:45,693",
            "thread_id": "10464",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\wpnapps"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc16860000"
              }
            ],
            "repeated": 0,
            "id": 148
          },
          {
            "timestamp": "2026-05-28 21:41:45,725",
            "thread_id": "11352",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\ShellCommonCommonProxyStub"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc11b00000"
              }
            ],
            "repeated": 0,
            "id": 149
          },
          {
            "timestamp": "2026-05-28 21:41:45,787",
            "thread_id": "10332",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\TenantRestrictionsPlugin"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc20180000"
              }
            ],
            "repeated": 0,
            "id": 150
          },
          {
            "timestamp": "2026-05-28 21:41:45,959",
            "thread_id": "10956",
            "caller": "0x7ffc2adac5f2",
            "parentcaller": "0x7ffc2ada9666",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00001178"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00001268"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\identity_helper.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\identity_helper.exe\" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=windows_package_identity --skip-read-main-dll --metrics-shmem-handle=5004,i,10041185329265187298,11074568154246322711,524288 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708995682289984 --mojo-platform-channel-handle=3944 /prefetch:8"
              },
              {
                "name": "DllPath",
                "value": ""
              },
              {
                "name": "ProcessId",
                "value": "10964"
              }
            ],
            "repeated": 0,
            "id": 151
          },
          {
            "timestamp": "2026-05-28 21:41:46,100",
            "thread_id": "10328",
            "caller": "0x7ff7b5ff7d66",
            "parentcaller": "0x7ff7b5ff81c2",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\msvcp110_win"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc29860000"
              }
            ],
            "repeated": 0,
            "id": 152
          },
          {
            "timestamp": "2026-05-28 21:41:46,100",
            "thread_id": "10328",
            "caller": "0x7ff7b5ff7d66",
            "parentcaller": "0x7ff7b5ff81c2",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\policymanager"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc23b90000"
              }
            ],
            "repeated": 0,
            "id": 153
          },
          {
            "timestamp": "2026-05-28 21:41:46,100",
            "thread_id": "10328",
            "caller": "0x7ff7b5ff7d66",
            "parentcaller": "0x7ff7b5ff81c2",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\policymanager"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc23b90000"
              }
            ],
            "repeated": 0,
            "id": 154
          },
          {
            "timestamp": "2026-05-28 21:41:46,100",
            "thread_id": "10328",
            "caller": "0x7ff7b5ff7d66",
            "parentcaller": "0x7ff7b5ff81c2",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\msvcp110_win"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc29860000"
              }
            ],
            "repeated": 0,
            "id": 155
          },
          {
            "timestamp": "2026-05-28 21:41:46,475",
            "thread_id": "10956",
            "caller": "0x7ffc2adac5f2",
            "parentcaller": "0x7ffc2ada9666",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\capauthz"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc23660000"
              }
            ],
            "repeated": 0,
            "id": 156
          },
          {
            "timestamp": "2026-05-28 21:41:46,475",
            "thread_id": "10956",
            "caller": "0x7ffc2adac5f2",
            "parentcaller": "0x7ffc2ada9666",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\windows.staterepositorycore"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc204e0000"
              }
            ],
            "repeated": 0,
            "id": 157
          },
          {
            "timestamp": "2026-05-28 21:41:46,490",
            "thread_id": "10956",
            "caller": "0x7ffc2adac5f2",
            "parentcaller": "0x7ffc2ada9666",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00001268"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000000dc"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\identity_helper.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\identity_helper.exe\" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=windows_package_identity --skip-read-main-dll --metrics-shmem-handle=5004,i,10041185329265187298,11074568154246322711,524288 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708995682289984 --mojo-platform-channel-handle=3944 /prefetch:8"
              },
              {
                "name": "DllPath",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application;"
              },
              {
                "name": "ProcessId",
                "value": "12320"
              }
            ],
            "repeated": 0,
            "id": 158
          },
          {
            "timestamp": "2026-05-28 21:41:46,631",
            "thread_id": "10956",
            "caller": "0x7ffc2ada9666",
            "parentcaller": "0x7ffc2d00cec4",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": ""
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\identity_helper.exe\" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=windows_package_identity --skip-read-main-dll --metrics-shmem-handle=5004,i,10041185329265187298,11074568154246322711,524288 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708995682289984 --mojo-platform-channel-handle=3944 /prefetch:8"
              },
              {
                "name": "CreationFlags",
                "value": "0x00080400",
                "pretty_value": "CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "12320"
              },
              {
                "name": "ThreadId",
                "value": "12324"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x00001268"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000000dc"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 159
          },
          {
            "timestamp": "2026-05-28 21:41:46,740",
            "thread_id": "10352",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\Windows.ApplicationModel"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc19ae0000"
              }
            ],
            "repeated": 0,
            "id": 160
          },
          {
            "timestamp": "2026-05-28 21:41:46,740",
            "thread_id": "10352",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\AppXDeploymentClient"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc23a80000"
              }
            ],
            "repeated": 0,
            "id": 161
          },
          {
            "timestamp": "2026-05-28 21:41:46,740",
            "thread_id": "10332",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\wlanapi"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc22e90000"
              }
            ],
            "repeated": 0,
            "id": 162
          },
          {
            "timestamp": "2026-05-28 21:41:46,740",
            "thread_id": "10332",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\wlanapi"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc22e90000"
              }
            ],
            "repeated": 0,
            "id": 163
          },
          {
            "timestamp": "2026-05-28 21:41:46,865",
            "thread_id": "10352",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\NETAPI32"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc17770000"
              }
            ],
            "repeated": 0,
            "id": 164
          },
          {
            "timestamp": "2026-05-28 21:41:46,865",
            "thread_id": "10352",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\ncrypt"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a1b0000"
              }
            ],
            "repeated": 0,
            "id": 165
          },
          {
            "timestamp": "2026-05-28 21:41:46,865",
            "thread_id": "10352",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\NTASN1"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a170000"
              }
            ],
            "repeated": 0,
            "id": 166
          },
          {
            "timestamp": "2026-05-28 21:41:46,865",
            "thread_id": "10352",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\PCPKsp"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc236e0000"
              }
            ],
            "repeated": 0,
            "id": 167
          },
          {
            "timestamp": "2026-05-28 21:41:46,865",
            "thread_id": "10352",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\imagehlp"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2b260000"
              }
            ],
            "repeated": 0,
            "id": 168
          },
          {
            "timestamp": "2026-05-28 21:41:46,865",
            "thread_id": "10352",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\tbs"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc236c0000"
              }
            ],
            "repeated": 0,
            "id": 169
          },
          {
            "timestamp": "2026-05-28 21:41:46,881",
            "thread_id": "10352",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\ncryptprov"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc17800000"
              }
            ],
            "repeated": 0,
            "id": 170
          },
          {
            "timestamp": "2026-05-28 21:41:47,006",
            "thread_id": "10364",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\mswsock"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc29ea0000"
              }
            ],
            "repeated": 0,
            "id": 171
          },
          {
            "timestamp": "2026-05-28 21:41:50,615",
            "thread_id": "10328",
            "caller": "0x7ff7b5ff7d66",
            "parentcaller": "0x7ff7b5ff81c2",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00001794"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00001804"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=renderer --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale=en_AU --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --time-ticks-at-unix-epoch=-1780003962331980 --launch-time-ticks=548257368 --skip-read-main-dll --metrics-shmem-handle=6196,i,5145543345457655702,10314529609131888891,2097152 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708996619331833 --mojo-platform-channel-handle=6160 /prefetch:1"
              },
              {
                "name": "DllPath",
                "value": ""
              },
              {
                "name": "ProcessId",
                "value": "13100"
              }
            ],
            "repeated": 0,
            "id": 172
          },
          {
            "timestamp": "2026-05-28 21:41:50,615",
            "thread_id": "10328",
            "caller": "0x7ffc2ada89f3",
            "parentcaller": "0x7ffc2cee7d70",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=renderer --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale=en_AU --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --time-ticks-at-unix-epoch=-1780003962331980 --launch-time-ticks=548257368 --skip-read-main-dll --metrics-shmem-handle=6196,i,5145543345457655702,10314529609131888891,2097152 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708996619331833 --mojo-platform-channel-handle=6160 /prefetch:1"
              },
              {
                "name": "CreationFlags",
                "value": "0x0008040c",
                "pretty_value": "CREATE_SUSPENDED|DETACHED_PROCESS|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "13100"
              },
              {
                "name": "ThreadId",
                "value": "13104"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x00001794"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00001804"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 173
          },
          {
            "timestamp": "2026-05-28 21:42:05,615",
            "thread_id": "10332",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\wevtapi"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc23e60000"
              }
            ],
            "repeated": 0,
            "id": 174
          },
          {
            "timestamp": "2026-05-28 21:42:14,084",
            "thread_id": "10316",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\Windows.System.UserProfile.DiagnosticsSettings"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc1fe60000"
              }
            ],
            "repeated": 0,
            "id": 175
          },
          {
            "timestamp": "2026-05-28 21:42:14,162",
            "thread_id": "10564",
            "caller": "0x7ffc2adac5f2",
            "parentcaller": "0x7ffc2ada9666",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000608"
              },
              {
                "name": "ThreadHandle",
                "value": "0x0000066c"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --skip-read-main-dll --metrics-shmem-handle=1608,i,7042525181872960905,11845032959772828956,524288 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708997556373682 --mojo-platform-channel-handle=6444 /prefetch:8"
              },
              {
                "name": "DllPath",
                "value": ""
              },
              {
                "name": "ProcessId",
                "value": "13388"
              }
            ],
            "repeated": 0,
            "id": 176
          },
          {
            "timestamp": "2026-05-28 21:42:14,162",
            "thread_id": "10564",
            "caller": "0x7ffc2ada9666",
            "parentcaller": "0x7ffc2d00cec4",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": ""
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --skip-read-main-dll --metrics-shmem-handle=1608,i,7042525181872960905,11845032959772828956,524288 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708997556373682 --mojo-platform-channel-handle=6444 /prefetch:8"
              },
              {
                "name": "CreationFlags",
                "value": "0x00080000",
                "pretty_value": "EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "13388"
              },
              {
                "name": "ThreadId",
                "value": "13392"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x00000608"
              },
              {
                "name": "ThreadHandle",
                "value": "0x0000066c"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 177
          },
          {
            "timestamp": "2026-05-28 21:42:20,631",
            "thread_id": "10328",
            "caller": "0x7ff7b5ff7d66",
            "parentcaller": "0x7ff7b5ff81c2",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000fb0"
              },
              {
                "name": "ThreadHandle",
                "value": "0x0000154c"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=renderer --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale=en_AU --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --time-ticks-at-unix-epoch=-1780003962331980 --launch-time-ticks=578284156 --ram-no-pressure-read-main-dll --metrics-shmem-handle=4840,i,15748124770976359258,15417350930948584221,2097152 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708998493415531 --mojo-platform-channel-handle=3316 /prefetch:1"
              },
              {
                "name": "DllPath",
                "value": ""
              },
              {
                "name": "ProcessId",
                "value": "13500"
              }
            ],
            "repeated": 0,
            "id": 178
          },
          {
            "timestamp": "2026-05-28 21:42:20,631",
            "thread_id": "10328",
            "caller": "0x7ff7b5ff7d66",
            "parentcaller": "0x7ff7b5ff81c2",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=renderer --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale=en_AU --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --time-ticks-at-unix-epoch=-1780003962331980 --launch-time-ticks=578284156 --ram-no-pressure-read-main-dll --metrics-shmem-handle=4840,i,15748124770976359258,15417350930948584221,2097152 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708998493415531 --mojo-platform-channel-handle=3316 /prefetch:1"
              },
              {
                "name": "CreationFlags",
                "value": "0x0008040c",
                "pretty_value": "CREATE_SUSPENDED|DETACHED_PROCESS|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "13500"
              },
              {
                "name": "ThreadId",
                "value": "13504"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x00000fb0"
              },
              {
                "name": "ThreadHandle",
                "value": "0x0000154c"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 179
          },
          {
            "timestamp": "2026-05-28 21:42:44,146",
            "thread_id": "10328",
            "caller": "0x7ff7b5ff7d66",
            "parentcaller": "0x7ff7b5ff81c2",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\sppc"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc292e0000"
              }
            ],
            "repeated": 0,
            "id": 180
          },
          {
            "timestamp": "2026-05-28 21:42:44,146",
            "thread_id": "10328",
            "caller": "0x7ff7b5ff7d66",
            "parentcaller": "0x7ff7b5ff81c2",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\slc"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc29310000"
              }
            ],
            "repeated": 0,
            "id": 181
          },
          {
            "timestamp": "2026-05-28 21:42:44,146",
            "thread_id": "10328",
            "caller": "0x7ff7b5ff7d66",
            "parentcaller": "0x7ff7b5ff81c2",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\slwga"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc1cf10000"
              }
            ],
            "repeated": 0,
            "id": 182
          },
          {
            "timestamp": "2026-05-28 21:42:44,178",
            "thread_id": "10784",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\Windows.System.Diagnostics.Telemetry.PlatformTelemetryClient"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc14880000"
              }
            ],
            "repeated": 0,
            "id": 183
          },
          {
            "timestamp": "2026-05-28 21:42:44,193",
            "thread_id": "10328",
            "caller": "0x7ff7b5ff7d66",
            "parentcaller": "0x7ff7b5ff81c2",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000158c"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00001594"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --skip-read-main-dll --metrics-shmem-handle=4476,i,7622724040228643054,12288759875611487757,524288 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708999430457380 --mojo-platform-channel-handle=6236 /prefetch:8"
              },
              {
                "name": "DllPath",
                "value": ""
              },
              {
                "name": "ProcessId",
                "value": "13868"
              }
            ],
            "repeated": 0,
            "id": 184
          },
          {
            "timestamp": "2026-05-28 21:42:44,193",
            "thread_id": "10328",
            "caller": "0x7ff7b5ff7d66",
            "parentcaller": "0x7ff7b5ff81c2",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --skip-read-main-dll --metrics-shmem-handle=4476,i,7622724040228643054,12288759875611487757,524288 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708999430457380 --mojo-platform-channel-handle=6236 /prefetch:8"
              },
              {
                "name": "CreationFlags",
                "value": "0x0008040c",
                "pretty_value": "CREATE_SUSPENDED|DETACHED_PROCESS|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "13868"
              },
              {
                "name": "ThreadId",
                "value": "13872"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x0000158c"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00001594"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 185
          },
          {
            "timestamp": "2026-05-28 21:42:44,303",
            "thread_id": "5180",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\CloudExperienceHostCommon"
              },
              {
                "name": "DllBase",
                "value": "0x7ffbe85b0000"
              }
            ],
            "repeated": 0,
            "id": 186
          },
          {
            "timestamp": "2026-05-28 21:43:20,646",
            "thread_id": "10328",
            "caller": "0x7ff7b5ff7d66",
            "parentcaller": "0x7ff7b5ff81c2",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000648"
              },
              {
                "name": "ThreadHandle",
                "value": "0x0000066c"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=renderer --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale=en_AU --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --time-ticks-at-unix-epoch=-1780003962331980 --launch-time-ticks=638299828 --ram-no-pressure-read-main-dll --metrics-shmem-handle=4796,i,12195753600292531721,15847398704622992708,2097152 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190709000367499229 --mojo-platform-channel-handle=1396 /prefetch:1"
              },
              {
                "name": "DllPath",
                "value": ""
              },
              {
                "name": "ProcessId",
                "value": "13416"
              }
            ],
            "repeated": 0,
            "id": 187
          },
          {
            "timestamp": "2026-05-28 21:43:20,662",
            "thread_id": "10328",
            "caller": "0x7ff7b5ff7d66",
            "parentcaller": "0x7ff7b5ff81c2",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=renderer --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale=en_AU --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --time-ticks-at-unix-epoch=-1780003962331980 --launch-time-ticks=638299828 --ram-no-pressure-read-main-dll --metrics-shmem-handle=4796,i,12195753600292531721,15847398704622992708,2097152 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190709000367499229 --mojo-platform-channel-handle=1396 /prefetch:1"
              },
              {
                "name": "CreationFlags",
                "value": "0x0008040c",
                "pretty_value": "CREATE_SUSPENDED|DETACHED_PROCESS|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "13416"
              },
              {
                "name": "ThreadId",
                "value": "13408"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x00000648"
              },
              {
                "name": "ThreadHandle",
                "value": "0x0000066c"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 188
          },
          {
            "timestamp": "2026-05-28 21:43:24,428",
            "thread_id": "10328",
            "caller": "0x7ff7b5ff7d66",
            "parentcaller": "0x7ff7b5ff81c2",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000015d8"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000015e0"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=renderer --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale=en_AU --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --time-ticks-at-unix-epoch=-1780003962331980 --launch-time-ticks=642079966 --skip-read-main-dll --metrics-shmem-handle=5788,i,4430515866411945987,13768044107232759783,2097152 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190709001304541078 --mojo-platform-channel-handle=5580 /prefetch:1"
              },
              {
                "name": "DllPath",
                "value": ""
              },
              {
                "name": "ProcessId",
                "value": "12064"
              }
            ],
            "repeated": 0,
            "id": 189
          },
          {
            "timestamp": "2026-05-28 21:43:24,443",
            "thread_id": "10328",
            "caller": "0x7ff7b5ff7d66",
            "parentcaller": "0x7ff7b5ff81c2",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=renderer --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale=en_AU --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --time-ticks-at-unix-epoch=-1780003962331980 --launch-time-ticks=642079966 --skip-read-main-dll --metrics-shmem-handle=5788,i,4430515866411945987,13768044107232759783,2097152 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190709001304541078 --mojo-platform-channel-handle=5580 /prefetch:1"
              },
              {
                "name": "CreationFlags",
                "value": "0x0008040c",
                "pretty_value": "CREATE_SUSPENDED|DETACHED_PROCESS|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "12064"
              },
              {
                "name": "ThreadId",
                "value": "12104"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x000015d8"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000015e0"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 190
          },
          {
            "timestamp": "2026-05-28 21:43:24,787",
            "thread_id": "11144",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc15280000"
              }
            ],
            "repeated": 0,
            "id": 191
          },
          {
            "timestamp": "2026-05-28 21:43:30,006",
            "thread_id": "10328",
            "caller": "0x7ff7b5ff7d66",
            "parentcaller": "0x7ff7b5ff81c2",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00001998"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000d28"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --skip-read-main-dll --metrics-shmem-handle=3820,i,17709381801662516536,8945971709259553673,524288 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190709002241582927 --mojo-platform-channel-handle=3372 /prefetch:8"
              },
              {
                "name": "DllPath",
                "value": ""
              },
              {
                "name": "ProcessId",
                "value": "13596"
              }
            ],
            "repeated": 0,
            "id": 192
          },
          {
            "timestamp": "2026-05-28 21:43:30,818",
            "thread_id": "10328",
            "caller": "0x7ff7b5ff7d66",
            "parentcaller": "0x7ff7b5ff81c2",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --skip-read-main-dll --metrics-shmem-handle=3820,i,17709381801662516536,8945971709259553673,524288 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190709002241582927 --mojo-platform-channel-handle=3372 /prefetch:8"
              },
              {
                "name": "CreationFlags",
                "value": "0x0008040c",
                "pretty_value": "CREATE_SUSPENDED|DETACHED_PROCESS|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "13596"
              },
              {
                "name": "ThreadId",
                "value": "13600"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x00001998"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000d28"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 193
          },
          {
            "timestamp": "2026-05-28 21:43:44,162",
            "thread_id": "10564",
            "caller": "0x7ffc2adac5f2",
            "parentcaller": "0x7ffc2ada9666",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00001a14"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000017cc"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.3636 --gpu-preferences=SAAAAAAAAADoAAAEAAAAAAAAAAAAAGAAAQAAAAAAAAAAAAAAAAAAAEIAAAAAAAAAAAAAAAAAAAAQAAAAAAAAABAAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --skip-read-main-dll --metrics-shmem-handle=6624,i,1680310522638211945,12008188480887109079,262144 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190709003178624776 --mojo-platform-channel-handle=6648 /prefetch:8"
              },
              {
                "name": "DllPath",
                "value": ""
              },
              {
                "name": "ProcessId",
                "value": "5932"
              }
            ],
            "repeated": 0,
            "id": 194
          }
        ],
        "threads": [
          "5180",
          "10156",
          "10328",
          "10388",
          "10412",
          "10380",
          "10456",
          "10468",
          "10336",
          "10372",
          "10564",
          "10320",
          "10544",
          "10536",
          "10548",
          "11160",
          "10556",
          "10448",
          "10464",
          "10780",
          "10332",
          "10352",
          "11352",
          "10956",
          "10364",
          "10316",
          "10784",
          "11144"
        ],
        "environ": {
          "UserName": "admin",
          "ComputerName": "JOHNS-PC",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Users\\admin\\AppData\\Local\\Temp\\",
          "CommandLine": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" \"https://sugarcraft(dot)net/\"",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "12bc-0026",
          "SystemVolumeGUID": "528c102f-0000-0000-0000-300300000000",
          "MachineGUID": "",
          "MainExeBase": "0x7ff7b5f00000",
          "MainExeSize": "0x00505000",
          "Bitness": "64-bit"
        },
        "file_activities": {
          "read_files": [],
          "write_files": [],
          "delete_files": []
        }
      },
      {
        "process_id": 12320,
        "process_name": "identity_helper.exe",
        "parent_id": 2208,
        "module_path": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\identity_helper.exe",
        "first_seen": "2026-05-28 21:41:46,660",
        "calls": [
          {
            "timestamp": "2026-05-28 21:41:46,832",
            "thread_id": "12324",
            "caller": "0x7ffc2d109aff",
            "parentcaller": "0x7ffc2d15c295",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000060",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\msedge_elf"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffbd2060000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffbd21e2a60"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 0
          },
          {
            "timestamp": "2026-05-28 21:41:46,863",
            "thread_id": "12324",
            "caller": "0x7ffc2d109aff",
            "parentcaller": "0x7ffc2d15c295",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000010",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\msedge_elf"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffbd2060000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffbd223c510"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1
          },
          {
            "timestamp": "2026-05-28 21:41:46,894",
            "thread_id": "12324",
            "caller": "0x7ffc2d109aff",
            "parentcaller": "0x7ffc2d15c295",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000008",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\msedge_elf"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffbd2060000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffbd2215c30"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 2
          },
          {
            "timestamp": "2026-05-28 21:41:46,926",
            "thread_id": "12324",
            "caller": "0x7ffc2d109aff",
            "parentcaller": "0x7ffc2d15c295",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000090",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\msedge_elf"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffbd2060000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffbd223c590"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 3
          },
          {
            "timestamp": "2026-05-28 21:41:46,941",
            "thread_id": "12324",
            "caller": "0x7ffc2d109aff",
            "parentcaller": "0x7ffc2d15c295",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\msedge_elf"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffbd2060000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffbd21aefd0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 4
          },
          {
            "timestamp": "2026-05-28 21:41:46,973",
            "thread_id": "12324",
            "caller": "0x7ffc2d109aff",
            "parentcaller": "0x7ffc2d15c295",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000050",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\msedge_elf"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffbd2060000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffbd2211950"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5
          },
          {
            "timestamp": "2026-05-28 21:41:47,004",
            "thread_id": "12324",
            "caller": "0x7ffbd225f156",
            "parentcaller": "0x7ffbd2260c0a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffbd250f000"
              },
              {
                "name": "ModuleName",
                "value": "msedge_elf.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000008",
                "pretty_value": "PAGE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6
          },
          {
            "timestamp": "2026-05-28 21:41:47,004",
            "thread_id": "12324",
            "caller": "0x7ffbd225fb27",
            "parentcaller": "0x7ffbd225faa7",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-fibers-l1-1-2"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2ad50000"
              }
            ],
            "repeated": 0,
            "id": 7
          },
          {
            "timestamp": "2026-05-28 21:41:47,004",
            "thread_id": "12324",
            "caller": "0x7ffbd225fb27",
            "parentcaller": "0x7ffbd225faa7",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc2ad50000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-core-fibers-l1-1-2"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 8
          },
          {
            "timestamp": "2026-05-28 21:41:47,004",
            "thread_id": "12324",
            "caller": "0x7ffbd225fc58",
            "parentcaller": "0x7ffbd225faa7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ad50000"
              },
              {
                "name": "FunctionName",
                "value": "FlsGetValue2"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9
          },
          {
            "timestamp": "2026-05-28 21:41:47,004",
            "thread_id": "12324",
            "caller": "0x7ffbd225fbd7",
            "parentcaller": "0x7ffbd225faa7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffbd250f000"
              },
              {
                "name": "ModuleName",
                "value": "msedge_elf.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10
          },
          {
            "timestamp": "2026-05-28 21:41:47,004",
            "thread_id": "12324",
            "caller": "0x7ffbd225fc08",
            "parentcaller": "0x7ffbd225faa7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffbd250f000"
              },
              {
                "name": "ModuleName",
                "value": "msedge_elf.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11
          },
          {
            "timestamp": "2026-05-28 21:41:47,004",
            "thread_id": "12324",
            "caller": "0x7ffbd2189070",
            "parentcaller": "0x7ffbd2212c96",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\bcryptprimitives"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2b0c0000"
              }
            ],
            "repeated": 0,
            "id": 12
          },
          {
            "timestamp": "2026-05-28 21:41:47,004",
            "thread_id": "12324",
            "caller": "0x7ffbd2189070",
            "parentcaller": "0x7ffbd2212c96",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "bcryptprimitives.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b0c0000"
              }
            ],
            "repeated": 0,
            "id": 13
          },
          {
            "timestamp": "2026-05-28 21:41:47,004",
            "thread_id": "12324",
            "caller": "0x7ffbd2189070",
            "parentcaller": "0x7ffbd2212c96",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc2b0c0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "bcryptprimitives.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 14
          },
          {
            "timestamp": "2026-05-28 21:41:47,004",
            "thread_id": "12324",
            "caller": "0x7ffbd2189089",
            "parentcaller": "0x7ffbd2212c96",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "bcryptprimitives.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2b0c0000"
              },
              {
                "name": "FunctionName",
                "value": "ProcessPrng"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2b0d5010"
              }
            ],
            "repeated": 0,
            "id": 15
          },
          {
            "timestamp": "2026-05-28 21:41:47,004",
            "thread_id": "12324",
            "caller": "0x7ffbd2213b9c",
            "parentcaller": "0x7ffbd2213d77",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x259000000000"
              },
              {
                "name": "RegionSize",
                "value": "0x800000000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16
          },
          {
            "timestamp": "2026-05-28 21:41:47,004",
            "thread_id": "12324",
            "caller": "0x7ffbd2213b9c",
            "parentcaller": "0x7ffbd2213d77",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x3c17dda90000"
              },
              {
                "name": "RegionSize",
                "value": "0x400000000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17
          },
          {
            "timestamp": "2026-05-28 21:41:47,004",
            "thread_id": "12324",
            "caller": "0x7ffbd2213c18",
            "parentcaller": "0x7ffbd218b8df",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x3c17dda91000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd218bafb",
            "parentcaller": "0x7ffbd218b4af",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x259000004000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd218bafb",
            "parentcaller": "0x7ffbd218b4af",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x259000008000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 20
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd226006a",
            "parentcaller": "0x7ffbd2260c0a",
            "category": "misc",
            "api": "GetCommandLineA",
            "status": true,
            "return": "0x22b07a05850",
            "arguments": [
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\identity_helper.exe\" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=windows_package_identity --skip-read-main-dll --metrics-shmem-handle=5004,i,10041185329265187298,11074568154246322711,524288 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708995682289984 --mojo-platform-channel-handle=3944 /prefetch:8"
              }
            ],
            "repeated": 0,
            "id": 21
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd2260077",
            "parentcaller": "0x7ffbd2260c0a",
            "category": "misc",
            "api": "GetCommandLineW",
            "status": true,
            "return": "0x22b07a03e96",
            "arguments": [
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\identity_helper.exe\" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=windows_package_identity --skip-read-main-dll --metrics-shmem-handle=5004,i,10041185329265187298,11074568154246322711,524288 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708995682289984 --mojo-platform-channel-handle=3944 /prefetch:8"
              }
            ],
            "repeated": 0,
            "id": 22
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd218bafb",
            "parentcaller": "0x7ffbd218b4af",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x259000018000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 23
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd225fb27",
            "parentcaller": "0x7ffbd225f6c7",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-localization-l1-2-1"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2ad50000"
              }
            ],
            "repeated": 0,
            "id": 24
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd225fb27",
            "parentcaller": "0x7ffbd225f6c7",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc2ad50000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-core-localization-l1-2-1"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 25
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd225fc58",
            "parentcaller": "0x7ffbd225f6c7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ad50000"
              },
              {
                "name": "FunctionName",
                "value": "LCMapStringEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2ad6d3c0"
              }
            ],
            "repeated": 0,
            "id": 26
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd225fbd7",
            "parentcaller": "0x7ffbd225f6c7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffbd250f000"
              },
              {
                "name": "ModuleName",
                "value": "msedge_elf.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 27
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd225fc08",
            "parentcaller": "0x7ffbd225f6c7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffbd250f000"
              },
              {
                "name": "ModuleName",
                "value": "msedge_elf.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 28
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd218bafb",
            "parentcaller": "0x7ffbd218b4af",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x259000028000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 29
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd225fb27",
            "parentcaller": "0x7ffbd225f1d6",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "kernel32"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2cff0000"
              }
            ],
            "repeated": 0,
            "id": 30
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd225fb27",
            "parentcaller": "0x7ffbd225f1d6",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc2cff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "kernel32"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 31
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd225fc58",
            "parentcaller": "0x7ffbd225f1d6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2cff0000"
              },
              {
                "name": "FunctionName",
                "value": "AreFileApisANSI"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d010f00"
              }
            ],
            "repeated": 0,
            "id": 32
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd225fbd7",
            "parentcaller": "0x7ffbd225f1d6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffbd250f000"
              },
              {
                "name": "ModuleName",
                "value": "msedge_elf.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 33
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd225fc08",
            "parentcaller": "0x7ffbd225f1d6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffbd250f000"
              },
              {
                "name": "ModuleName",
                "value": "msedge_elf.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 34
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd218bafb",
            "parentcaller": "0x7ffbd218b4af",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x25900002c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 35
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd218bafb",
            "parentcaller": "0x7ffbd218b4af",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x259000038000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 36
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd218bafb",
            "parentcaller": "0x7ffbd218b4af",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x25900003c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 37
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd218bafb",
            "parentcaller": "0x7ffbd218b4af",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x259000048000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 38
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd218bafb",
            "parentcaller": "0x7ffbd218b4af",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x25900004c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 39
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd218bafb",
            "parentcaller": "0x7ffbd218b4af",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x259000058000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 40
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd218bafb",
            "parentcaller": "0x7ffbd218b4af",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x25900005c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 41
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd218bafb",
            "parentcaller": "0x7ffbd218b4af",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x25900006c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 42
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd218bafb",
            "parentcaller": "0x7ffbd218b4af",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x259000070000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 43
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd218bafb",
            "parentcaller": "0x7ffbd218b4af",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x259000080000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 44
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd21cc301",
            "parentcaller": "0x7ffbd224fa72",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2cff0000"
              }
            ],
            "repeated": 0,
            "id": 45
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd21cc311",
            "parentcaller": "0x7ffbd224fa72",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2cff0000"
              },
              {
                "name": "FunctionName",
                "value": "GetSystemTimePreciseAsFileTime"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d015350"
              }
            ],
            "repeated": 0,
            "id": 46
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd218bafb",
            "parentcaller": "0x7ffbd218b4af",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x259000090000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 47
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd225fb27",
            "parentcaller": "0x7ffbd225f8f9",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-string-l1-1-0"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2ad50000"
              }
            ],
            "repeated": 0,
            "id": 48
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd225fb27",
            "parentcaller": "0x7ffbd225f8f9",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc2ad50000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-core-string-l1-1-0"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 49
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd225fc58",
            "parentcaller": "0x7ffbd225f8f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ad50000"
              },
              {
                "name": "FunctionName",
                "value": "CompareStringEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2ad77130"
              }
            ],
            "repeated": 0,
            "id": 50
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd225fbd7",
            "parentcaller": "0x7ffbd225f8f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffbd250f000"
              },
              {
                "name": "ModuleName",
                "value": "msedge_elf.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 51
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd225fc08",
            "parentcaller": "0x7ffbd225f8f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffbd250f000"
              },
              {
                "name": "ModuleName",
                "value": "msedge_elf.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 52
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd225fc58",
            "parentcaller": "0x7ffbd225f922",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ad50000"
              },
              {
                "name": "FunctionName",
                "value": "EnumSystemLocalesEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2add7f40"
              }
            ],
            "repeated": 0,
            "id": 53
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd225fbd7",
            "parentcaller": "0x7ffbd225f922",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffbd250f000"
              },
              {
                "name": "ModuleName",
                "value": "msedge_elf.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 54
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd225fc08",
            "parentcaller": "0x7ffbd225f922",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffbd250f000"
              },
              {
                "name": "ModuleName",
                "value": "msedge_elf.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 55
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd225fb27",
            "parentcaller": "0x7ffbd225f94b",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-datetime-l1-1-1"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2ad50000"
              }
            ],
            "repeated": 0,
            "id": 56
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd225fb27",
            "parentcaller": "0x7ffbd225f94b",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc2ad50000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-core-datetime-l1-1-1"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 57
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd225fc58",
            "parentcaller": "0x7ffbd225f94b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ad50000"
              },
              {
                "name": "FunctionName",
                "value": "GetDateFormatEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2adc55b0"
              }
            ],
            "repeated": 0,
            "id": 58
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd225fbd7",
            "parentcaller": "0x7ffbd225f94b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffbd250f000"
              },
              {
                "name": "ModuleName",
                "value": "msedge_elf.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 59
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd225fc08",
            "parentcaller": "0x7ffbd225f94b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffbd250f000"
              },
              {
                "name": "ModuleName",
                "value": "msedge_elf.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 60
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd225fc58",
            "parentcaller": "0x7ffbd225f974",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ad50000"
              },
              {
                "name": "FunctionName",
                "value": "GetLocaleInfoEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2ad70210"
              }
            ],
            "repeated": 0,
            "id": 61
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd225fbd7",
            "parentcaller": "0x7ffbd225f974",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffbd250f000"
              },
              {
                "name": "ModuleName",
                "value": "msedge_elf.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 62
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd225fc08",
            "parentcaller": "0x7ffbd225f974",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffbd250f000"
              },
              {
                "name": "ModuleName",
                "value": "msedge_elf.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 63
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd225fc58",
            "parentcaller": "0x7ffbd225f99d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ad50000"
              },
              {
                "name": "FunctionName",
                "value": "GetTimeFormatEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2adcd1a0"
              }
            ],
            "repeated": 0,
            "id": 64
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd225fbd7",
            "parentcaller": "0x7ffbd225f99d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffbd250f000"
              },
              {
                "name": "ModuleName",
                "value": "msedge_elf.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 65
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd225fc08",
            "parentcaller": "0x7ffbd225f99d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffbd250f000"
              },
              {
                "name": "ModuleName",
                "value": "msedge_elf.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 66
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd225fc58",
            "parentcaller": "0x7ffbd225f9c6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ad50000"
              },
              {
                "name": "FunctionName",
                "value": "GetUserDefaultLocaleName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2ad8ae80"
              }
            ],
            "repeated": 0,
            "id": 67
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd225fbd7",
            "parentcaller": "0x7ffbd225f9c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffbd250f000"
              },
              {
                "name": "ModuleName",
                "value": "msedge_elf.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 68
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd225fc08",
            "parentcaller": "0x7ffbd225f9c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffbd250f000"
              },
              {
                "name": "ModuleName",
                "value": "msedge_elf.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 69
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd225fc58",
            "parentcaller": "0x7ffbd225f9ef",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ad50000"
              },
              {
                "name": "FunctionName",
                "value": "IsValidLocaleName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2ad6ad90"
              }
            ],
            "repeated": 0,
            "id": 70
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd225fbd7",
            "parentcaller": "0x7ffbd225f9ef",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffbd250f000"
              },
              {
                "name": "ModuleName",
                "value": "msedge_elf.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 71
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd225fc08",
            "parentcaller": "0x7ffbd225f9ef",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffbd250f000"
              },
              {
                "name": "ModuleName",
                "value": "msedge_elf.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 72
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd225fb27",
            "parentcaller": "0x7ffbd225fa41",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-localization-obsolete-l1-2-0"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2ad50000"
              }
            ],
            "repeated": 0,
            "id": 73
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd225fb27",
            "parentcaller": "0x7ffbd225fa41",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc2ad50000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-core-localization-obsolete-l1-2-0"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 74
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd225fc58",
            "parentcaller": "0x7ffbd225fa41",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ad50000"
              },
              {
                "name": "FunctionName",
                "value": "LCIDToLocaleName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2ad6ae60"
              }
            ],
            "repeated": 0,
            "id": 75
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd225fbd7",
            "parentcaller": "0x7ffbd225fa41",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffbd250f000"
              },
              {
                "name": "ModuleName",
                "value": "msedge_elf.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 76
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd225fc08",
            "parentcaller": "0x7ffbd225fa41",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffbd250f000"
              },
              {
                "name": "ModuleName",
                "value": "msedge_elf.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 77
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd225fc58",
            "parentcaller": "0x7ffbd225fa6a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ad50000"
              },
              {
                "name": "FunctionName",
                "value": "LocaleNameToLCID"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2adc0070"
              }
            ],
            "repeated": 0,
            "id": 78
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd225fbd7",
            "parentcaller": "0x7ffbd225fa6a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffbd250f000"
              },
              {
                "name": "ModuleName",
                "value": "msedge_elf.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 79
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd225fc08",
            "parentcaller": "0x7ffbd225fa6a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffbd250f000"
              },
              {
                "name": "ModuleName",
                "value": "msedge_elf.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 80
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd218bafb",
            "parentcaller": "0x7ffbd218b4af",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x259000098000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 81
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd21d7e31",
            "parentcaller": "0x7ffbd215b049",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "bcryptprimitives.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b0c0000"
              }
            ],
            "repeated": 0,
            "id": 82
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd21d7e31",
            "parentcaller": "0x7ffbd215b049",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc2b0c0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "bcryptprimitives.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 83
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd21d7e4a",
            "parentcaller": "0x7ffbd215b049",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "bcryptprimitives.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2b0c0000"
              },
              {
                "name": "FunctionName",
                "value": "ProcessPrng"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2b0d5010"
              }
            ],
            "repeated": 0,
            "id": 84
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd21d0e68",
            "parentcaller": "0x7ffbd21d0dc8",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\usp10.dll"
              }
            ],
            "repeated": 0,
            "id": 85
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd218bafb",
            "parentcaller": "0x7ffbd218b4af",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x25900009c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 86
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd218bafb",
            "parentcaller": "0x7ffbd218b4af",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2590000ac000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 87
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd21cfbd4",
            "parentcaller": "0x7ffbd21d0076",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xe7\\xd9\\x93P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 88
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd21cfc42",
            "parentcaller": "0x7ffbd21d0076",
            "category": "misc",
            "api": "GetCommandLineW",
            "status": true,
            "return": "0x22b07a03e96",
            "arguments": [
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\identity_helper.exe\" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=windows_package_identity --skip-read-main-dll --metrics-shmem-handle=5004,i,10041185329265187298,11074568154246322711,524288 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708995682289984 --mojo-platform-channel-handle=3944 /prefetch:8"
              }
            ],
            "repeated": 0,
            "id": 89
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd21cfcd6",
            "parentcaller": "0x7ffbd21d0076",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2cff0000"
              }
            ],
            "repeated": 0,
            "id": 90
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd21cfce6",
            "parentcaller": "0x7ffbd21d0076",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2cff0000"
              },
              {
                "name": "FunctionName",
                "value": "IsWow64Process"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d00f980"
              }
            ],
            "repeated": 0,
            "id": 91
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd21cfeef",
            "parentcaller": "0x7ffbd21d00f0",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "0",
                "pretty_value": "FILE_SUPERSEDE"
              }
            ],
            "repeated": 0,
            "id": 92
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd21cfeef",
            "parentcaller": "0x7ffbd21d00f0",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              }
            ],
            "repeated": 0,
            "id": 93
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd21d019b",
            "parentcaller": "0x7ffbd21d03bc",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000218"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000201",
                "pretty_value": "KEY_QUERY_VALUE|0x00000200"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\WOW6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}"
              }
            ],
            "repeated": 0,
            "id": 94
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd21d02c2",
            "parentcaller": "0x7ffbd21d0346",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000218"
              },
              {
                "name": "ValueName",
                "value": "channel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\\channel"
              }
            ],
            "repeated": 0,
            "id": 95
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd21d02c2",
            "parentcaller": "0x7ffbd21d0346",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000218"
              },
              {
                "name": "ValueName",
                "value": "channel"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "stable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\\channel"
              }
            ],
            "repeated": 0,
            "id": 96
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd21d03ea",
            "parentcaller": "0x7ffbd21d08ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000218"
              }
            ],
            "repeated": 0,
            "id": 97
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd218bafb",
            "parentcaller": "0x7ffbd218b4af",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2590000bc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 98
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd218bafb",
            "parentcaller": "0x7ffbd218b4af",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2590000c8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 99
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd218ba80",
            "parentcaller": "0x7ffbd218ab16",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x259000038000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 100
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd218ba80",
            "parentcaller": "0x7ffbd218ab16",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x259000090000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 101
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd21cfeef",
            "parentcaller": "0x7ffbd21d00f0",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "0",
                "pretty_value": "FILE_SUPERSEDE"
              }
            ],
            "repeated": 0,
            "id": 102
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd21cfeef",
            "parentcaller": "0x7ffbd21d00f0",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              }
            ],
            "repeated": 0,
            "id": 103
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd21d019b",
            "parentcaller": "0x7ffbd21d03bc",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000218"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000201",
                "pretty_value": "KEY_QUERY_VALUE|0x00000200"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\WOW6432Node\\Microsoft\\EdgeUpdate\\ClientState\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\EdgeUpdate\\ClientState\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}"
              }
            ],
            "repeated": 0,
            "id": 104
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd21d02c2",
            "parentcaller": "0x7ffbd21d0346",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000218"
              },
              {
                "name": "ValueName",
                "value": "ap"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\EdgeUpdate\\ClientState\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\\ap"
              }
            ],
            "repeated": 0,
            "id": 105
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd21d03ea",
            "parentcaller": "0x7ffbd21d195d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000218"
              }
            ],
            "repeated": 0,
            "id": 106
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd21cfeef",
            "parentcaller": "0x7ffbd21d00f0",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "0",
                "pretty_value": "FILE_SUPERSEDE"
              }
            ],
            "repeated": 0,
            "id": 107
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd21cfeef",
            "parentcaller": "0x7ffbd21d00f0",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              }
            ],
            "repeated": 0,
            "id": 108
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd21d019b",
            "parentcaller": "0x7ffbd21d03bc",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000218"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000201",
                "pretty_value": "KEY_QUERY_VALUE|0x00000200"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\WOW6432Node\\Microsoft\\EdgeUpdate\\ClientState\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\\cohort"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\EdgeUpdate\\ClientState\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\\cohort"
              }
            ],
            "repeated": 0,
            "id": 109
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd21d02c2",
            "parentcaller": "0x7ffbd21d0346",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000218"
              },
              {
                "name": "ValueName",
                "value": "name"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\EdgeUpdate\\ClientState\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\\cohort\\name"
              }
            ],
            "repeated": 0,
            "id": 110
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd21d02c2",
            "parentcaller": "0x7ffbd21d0346",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000218"
              },
              {
                "name": "ValueName",
                "value": "name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\EdgeUpdate\\ClientState\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\\cohort\\name"
              }
            ],
            "repeated": 0,
            "id": 111
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd21d03ea",
            "parentcaller": "0x7ffbd21d19ed",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000218"
              }
            ],
            "repeated": 0,
            "id": 112
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd22932c9",
            "parentcaller": "0x7ffbd21d094e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\x96\\xe4\\x11\\x00\\x00\\x00\\x00\\x00\\xdb7\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00V\\xe4\\x11\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 113
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd22932c9",
            "parentcaller": "0x7ffbd21d094e",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000218"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 114
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd22932c9",
            "parentcaller": "0x7ffbd21d094e",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000218"
              },
              {
                "name": "ValueName",
                "value": "en-AU"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-AU"
              }
            ],
            "repeated": 0,
            "id": 115
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd22932c9",
            "parentcaller": "0x7ffbd21d094e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000218"
              }
            ],
            "repeated": 0,
            "id": 116
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd22932c9",
            "parentcaller": "0x7ffbd21d094e",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000218"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 117
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd22932c9",
            "parentcaller": "0x7ffbd21d094e",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000218"
              },
              {
                "name": "ValueName",
                "value": "en-AU"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-AU"
              }
            ],
            "repeated": 0,
            "id": 118
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd22932c9",
            "parentcaller": "0x7ffbd21d094e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000218"
              }
            ],
            "repeated": 0,
            "id": 119
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd22932c9",
            "parentcaller": "0x7ffbd21d094e",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000088"
              },
              {
                "name": "ValueName",
                "value": "000603xx"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "kernel32.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions\\000603xx"
              }
            ],
            "repeated": 0,
            "id": 120
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd22932c9",
            "parentcaller": "0x7ffbd21d094e",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2cff0000"
              }
            ],
            "repeated": 0,
            "id": 121
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd22932c9",
            "parentcaller": "0x7ffbd21d094e",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc2cff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "kernel32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 122
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd22932c9",
            "parentcaller": "0x7ffbd21d094e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2cff0000"
              },
              {
                "name": "FunctionName",
                "value": "SortGetHandle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2cffa190"
              }
            ],
            "repeated": 0,
            "id": 123
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd22932c9",
            "parentcaller": "0x7ffbd21d094e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2cff0000"
              },
              {
                "name": "FunctionName",
                "value": "SortCloseHandle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d010170"
              }
            ],
            "repeated": 0,
            "id": 124
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd22932c9",
            "parentcaller": "0x7ffbd21d094e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000218"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Globalization\\Sorting\\sortdefault.nls"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 125
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd22932c9",
            "parentcaller": "0x7ffbd21d094e",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000020c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000218"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls"
              }
            ],
            "repeated": 0,
            "id": 126
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd22932c9",
            "parentcaller": "0x7ffbd21d094e",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000020c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b09b00000"
              },
              {
                "name": "SectionOffset",
                "value": "0x5093d9e5d0"
              },
              {
                "name": "ViewSize",
                "value": "0x00338000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 127
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd22932c9",
            "parentcaller": "0x7ffbd21d094e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000020c"
              }
            ],
            "repeated": 0,
            "id": 128
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd22932c9",
            "parentcaller": "0x7ffbd21d094e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000218"
              }
            ],
            "repeated": 0,
            "id": 129
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd22932c9",
            "parentcaller": "0x7ffbd21d094e",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000218"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids"
              }
            ],
            "repeated": 0,
            "id": 130
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd22932c9",
            "parentcaller": "0x7ffbd21d094e",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000218"
              },
              {
                "name": "ValueName",
                "value": "en-AU"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\en-AU"
              }
            ],
            "repeated": 0,
            "id": 131
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd22932c9",
            "parentcaller": "0x7ffbd21d094e",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000218"
              },
              {
                "name": "ValueName",
                "value": "en"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\en"
              }
            ],
            "repeated": 0,
            "id": 132
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd218ba80",
            "parentcaller": "0x7ffbd218ab16",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2590000bc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 133
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd218ba80",
            "parentcaller": "0x7ffbd218ab16",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2590000c8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 134
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd21d0fba",
            "parentcaller": "0x7ffbd21a5699",
            "category": "misc",
            "api": "GetCommandLineW",
            "status": true,
            "return": "0x22b07a03e96",
            "arguments": [
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\identity_helper.exe\" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=windows_package_identity --skip-read-main-dll --metrics-shmem-handle=5004,i,10041185329265187298,11074568154246322711,524288 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708995682289984 --mojo-platform-channel-handle=3944 /prefetch:8"
              }
            ],
            "repeated": 0,
            "id": 135
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd218bafb",
            "parentcaller": "0x7ffbd218b4af",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2590000d4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 136
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd218bafb",
            "parentcaller": "0x7ffbd218b4af",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2590000c8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 137
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd218bafb",
            "parentcaller": "0x7ffbd218b4af",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2590000bc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 138
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd218bafb",
            "parentcaller": "0x7ffbd218b4af",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2590000e4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 139
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd218ba80",
            "parentcaller": "0x7ffbd218ab16",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2590000ac000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 140
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd218ba80",
            "parentcaller": "0x7ffbd218ab16",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2590000bc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 141
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd218ba80",
            "parentcaller": "0x7ffbd218ab16",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2590000e4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 142
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd218ba80",
            "parentcaller": "0x7ffbd218ab16",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2590000c8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 143
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd21a55e1",
            "parentcaller": "0x7ffbd21a56aa",
            "category": "misc",
            "api": "GetCommandLineW",
            "status": true,
            "return": "0x22b07a03e96",
            "arguments": [
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\identity_helper.exe\" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=windows_package_identity --skip-read-main-dll --metrics-shmem-handle=5004,i,10041185329265187298,11074568154246322711,524288 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708995682289984 --mojo-platform-channel-handle=3944 /prefetch:8"
              }
            ],
            "repeated": 1,
            "id": 144
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd218bafb",
            "parentcaller": "0x7ffbd218b4af",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2590000c8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 145
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd218bafb",
            "parentcaller": "0x7ffbd218b4af",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2590000bc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 146
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd218bafb",
            "parentcaller": "0x7ffbd218b4af",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2590000e4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 147
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd218bafb",
            "parentcaller": "0x7ffbd218b4af",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2590000ac000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 148
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd218ba80",
            "parentcaller": "0x7ffbd218ab16",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2590000bc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 149
          },
          {
            "timestamp": "2026-05-28 21:41:47,019",
            "thread_id": "12324",
            "caller": "0x7ffbd218ba80",
            "parentcaller": "0x7ffbd218ab16",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2590000e4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 150
          },
          {
            "timestamp": "2026-05-28 21:41:47,035",
            "thread_id": "12324",
            "caller": "0x7ffbd218bafb",
            "parentcaller": "0x7ffbd218b4af",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2590000bc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 151
          },
          {
            "timestamp": "2026-05-28 21:41:47,035",
            "thread_id": "12324",
            "caller": "0x7ffbd218bafb",
            "parentcaller": "0x7ffbd218b4af",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2590000e4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 152
          },
          {
            "timestamp": "2026-05-28 21:41:47,035",
            "thread_id": "12324",
            "caller": "0x7ffbd218bafb",
            "parentcaller": "0x7ffbd218b4af",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2590000f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 153
          },
          {
            "timestamp": "2026-05-28 21:41:47,035",
            "thread_id": "12324",
            "caller": "0x7ffbd218ba80",
            "parentcaller": "0x7ffbd218ab16",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2590000ac000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 154
          },
          {
            "timestamp": "2026-05-28 21:41:47,035",
            "thread_id": "12324",
            "caller": "0x7ffbd218ba80",
            "parentcaller": "0x7ffbd218ab16",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2590000c8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 155
          },
          {
            "timestamp": "2026-05-28 21:41:47,035",
            "thread_id": "12324",
            "caller": "0x7ffbd218ba80",
            "parentcaller": "0x7ffbd218ab16",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2590000bc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 156
          },
          {
            "timestamp": "2026-05-28 21:41:47,035",
            "thread_id": "12324",
            "caller": "0x7ffbd218ba80",
            "parentcaller": "0x7ffbd218ab16",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2590000e4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 157
          },
          {
            "timestamp": "2026-05-28 21:41:47,035",
            "thread_id": "12324",
            "caller": "0x7ffbd218ba80",
            "parentcaller": "0x7ffbd218ab16",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2590000f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 158
          },
          {
            "timestamp": "2026-05-28 21:41:47,035",
            "thread_id": "12324",
            "caller": "0x7ffbd221f562",
            "parentcaller": "0x7ffbd23d75e5",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2cff0000"
              }
            ],
            "repeated": 0,
            "id": 159
          },
          {
            "timestamp": "2026-05-28 21:41:47,035",
            "thread_id": "12324",
            "caller": "0x7ffbd221f562",
            "parentcaller": "0x7ffbd23d75e5",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc2cff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "kernel32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 160
          },
          {
            "timestamp": "2026-05-28 21:41:47,035",
            "thread_id": "12324",
            "caller": "0x7ffbd23d75e5",
            "parentcaller": "0x7ffbd23d20c4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2cff0000"
              },
              {
                "name": "FunctionName",
                "value": "InitializeCriticalSectionEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d014d00"
              }
            ],
            "repeated": 0,
            "id": 161
          },
          {
            "timestamp": "2026-05-28 21:41:47,035",
            "thread_id": "12324",
            "caller": "0x7ffbd221f3fe",
            "parentcaller": "0x7ffbd23d2105",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000020c"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\pipe\\crashpad_2208_BWQPYTKWQIYHENVA"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "0"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 162
          },
          {
            "timestamp": "2026-05-28 21:41:47,035",
            "thread_id": "12324",
            "caller": "0x7ffbd221f425",
            "parentcaller": "0x7ffbd23d2105",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000020c"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\crashpad_2208_BWQPYTKWQIYHENVA"
              },
              {
                "name": "FileInformationClass",
                "value": "23",
                "pretty_value": "FilePipeInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 163
          },
          {
            "timestamp": "2026-05-28 21:41:47,035",
            "thread_id": "12324",
            "caller": "0x7ffbd221f9bb",
            "parentcaller": "0x7ffbd221ff6d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000020c"
              }
            ],
            "repeated": 0,
            "id": 164
          },
          {
            "timestamp": "2026-05-28 21:41:47,035",
            "thread_id": "12324",
            "caller": "0x7ffbd23d0ad2",
            "parentcaller": "0x7ffbd23d213f",
            "category": "hooking",
            "api": "SetUnhandledExceptionFilter",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ExceptionFilter",
                "value": "0x7ffbd23d1e30"
              }
            ],
            "repeated": 0,
            "id": 165
          },
          {
            "timestamp": "2026-05-28 21:41:47,035",
            "thread_id": "12324",
            "caller": "0x7ffbd23d0ae4",
            "parentcaller": "0x7ffbd23d213f",
            "category": "hooking",
            "api": "RtlAddVectoredExceptionHandler",
            "status": true,
            "return": "0x22b093d07e0",
            "arguments": [
              {
                "name": "First",
                "value": "1"
              },
              {
                "name": "Handler",
                "value": "0x7ffbd23d1f50"
              }
            ],
            "repeated": 0,
            "id": 166
          },
          {
            "timestamp": "2026-05-28 21:41:47,035",
            "thread_id": "12324",
            "caller": "0x7ffbd21d2947",
            "parentcaller": "0x7ffbd21d28b9",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "0",
                "pretty_value": "SystemBasicInformation"
              }
            ],
            "repeated": 0,
            "id": 167
          },
          {
            "timestamp": "2026-05-28 21:41:47,035",
            "thread_id": "12324",
            "caller": "0x7ffbd21d2947",
            "parentcaller": "0x7ffbd21d28b9",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "1",
                "pretty_value": "SystemProcessorInformation"
              }
            ],
            "repeated": 0,
            "id": 168
          },
          {
            "timestamp": "2026-05-28 21:41:47,035",
            "thread_id": "12324",
            "caller": "0x7ffbd22d2986",
            "parentcaller": "0x7ffbd22d28f3",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff780bc2000"
              },
              {
                "name": "ModuleName",
                "value": "identity_helper.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 169
          },
          {
            "timestamp": "2026-05-28 21:41:47,035",
            "thread_id": "12324",
            "caller": "0x7ffbd22d29aa",
            "parentcaller": "0x7ffbd22d28f3",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff780bc2000"
              },
              {
                "name": "ModuleName",
                "value": "identity_helper.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 170
          },
          {
            "timestamp": "2026-05-28 21:41:47,035",
            "thread_id": "12324",
            "caller": "0x7ffbd22d29aa",
            "parentcaller": "0x7ffbd22d28f3",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\msedge_elf"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffbd2060000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffbd223d2f0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 171
          },
          {
            "timestamp": "2026-05-28 21:41:47,035",
            "thread_id": "12324",
            "caller": "0x7ffc1a89125f",
            "parentcaller": "0x7ffc2ab0e473",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 172
          },
          {
            "timestamp": "2026-05-28 21:41:47,035",
            "thread_id": "12324",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a35000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 173
          },
          {
            "timestamp": "2026-05-28 21:41:47,035",
            "thread_id": "12324",
            "caller": "0x7ffc2adbc976",
            "parentcaller": "0x7ffc1a8a81dc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1aa6b000"
              },
              {
                "name": "ModuleName",
                "value": "dbghelp.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 174
          },
          {
            "timestamp": "2026-05-28 21:41:47,035",
            "thread_id": "12324",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc2ad7e6a1",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-file-l1-2-1.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2ad50000"
              }
            ],
            "repeated": 0,
            "id": 175
          },
          {
            "timestamp": "2026-05-28 21:41:47,035",
            "thread_id": "12324",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc2ad7e6a1",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc2ad50000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-core-file-l1-2-1.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 176
          },
          {
            "timestamp": "2026-05-28 21:41:47,035",
            "thread_id": "12324",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc1a8a8089",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ad50000"
              },
              {
                "name": "FunctionName",
                "value": "GetTempPathW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2adc4af0"
              }
            ],
            "repeated": 0,
            "id": 177
          },
          {
            "timestamp": "2026-05-28 21:41:47,035",
            "thread_id": "12324",
            "caller": "0x7ffc2adbc976",
            "parentcaller": "0x7ffc1a8a826c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1aa6b000"
              },
              {
                "name": "ModuleName",
                "value": "dbghelp.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 178
          },
          {
            "timestamp": "2026-05-28 21:41:47,035",
            "thread_id": "12324",
            "caller": "0x7ffc2adbc976",
            "parentcaller": "0x7ffc1a8a826c",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\dbghelp"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1a890000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffc1a8ab1a0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 179
          },
          {
            "timestamp": "2026-05-28 21:41:47,051",
            "thread_id": "12324",
            "caller": "0x7ffc2d109aff",
            "parentcaller": "0x7ffc2d1c3d4d",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x000000a0",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\identity_helper.exe"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7809a0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff780a2fba0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 180
          },
          {
            "timestamp": "2026-05-28 21:41:47,066",
            "thread_id": "12324",
            "caller": "0x7ffc2d109aff",
            "parentcaller": "0x7ffc2d1c3d4d",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000080",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\identity_helper.exe"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7809a0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff780a74280"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 181
          },
          {
            "timestamp": "2026-05-28 21:41:47,082",
            "thread_id": "12324",
            "caller": "0x7ffc2d109aff",
            "parentcaller": "0x7ffc2d1c3d4d",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x000000a0",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\identity_helper.exe"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7809a0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff780a5a0e0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 182
          },
          {
            "timestamp": "2026-05-28 21:41:47,098",
            "thread_id": "12324",
            "caller": "0x7ffc2d109aff",
            "parentcaller": "0x7ffc2d1c3d4d",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\identity_helper.exe"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7809a0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff780a74300"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 183
          },
          {
            "timestamp": "2026-05-28 21:41:47,113",
            "thread_id": "12324",
            "caller": "0x7ffc2d109aff",
            "parentcaller": "0x7ffc2d1c3d4d",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\identity_helper.exe"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7809a0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff780a15840"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 184
          },
          {
            "timestamp": "2026-05-28 21:41:47,129",
            "thread_id": "12324",
            "caller": "0x7ffc2d109aff",
            "parentcaller": "0x7ffc2d1c3d4d",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000080",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\identity_helper.exe"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7809a0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff780a55f80"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 185
          },
          {
            "timestamp": "2026-05-28 21:41:47,129",
            "thread_id": "12324",
            "caller": "0x7ffc2d16507d",
            "parentcaller": "0x7ffc2d164c43",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 186
          },
          {
            "timestamp": "2026-05-28 21:41:47,129",
            "thread_id": "12324",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff780a74f90"
              },
              {
                "name": "Parameter",
                "value": "0x5093fc7000"
              }
            ],
            "repeated": 0,
            "id": 187
          },
          {
            "timestamp": "2026-05-28 21:41:47,144",
            "thread_id": "12448",
            "caller": "0x7ffbd218bafb",
            "parentcaller": "0x7ffbd218b4af",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x259000100000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 188
          },
          {
            "timestamp": "2026-05-28 21:41:47,144",
            "thread_id": "12448",
            "caller": "0x7ffc2d16507d",
            "parentcaller": "0x7ffc2d164c43",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 189
          },
          {
            "timestamp": "2026-05-28 21:41:47,144",
            "thread_id": "12448",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ffc14481ed0"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 190
          },
          {
            "timestamp": "2026-05-28 21:41:47,144",
            "thread_id": "12444",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07b05000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 191
          },
          {
            "timestamp": "2026-05-28 21:41:47,144",
            "thread_id": "12444",
            "caller": "0x7ffc2d16507d",
            "parentcaller": "0x7ffc2d164c43",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 192
          },
          {
            "timestamp": "2026-05-28 21:41:47,144",
            "thread_id": "12444",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ffc14482030"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 193
          },
          {
            "timestamp": "2026-05-28 21:41:47,144",
            "thread_id": "12440",
            "caller": "0x7ffc2d16507d",
            "parentcaller": "0x7ffc2d164c43",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 194
          },
          {
            "timestamp": "2026-05-28 21:41:47,144",
            "thread_id": "12440",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ffc14481e10"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 195
          },
          {
            "timestamp": "2026-05-28 21:41:47,144",
            "thread_id": "12436",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a24000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 196
          },
          {
            "timestamp": "2026-05-28 21:41:47,144",
            "thread_id": "12436",
            "caller": "0x7ffbd218bafb",
            "parentcaller": "0x7ffbd218b4af",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x259000005000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 197
          },
          {
            "timestamp": "2026-05-28 21:41:47,144",
            "thread_id": "12436",
            "caller": "0x7ffc2d16507d",
            "parentcaller": "0x7ffc2d164c43",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 198
          },
          {
            "timestamp": "2026-05-28 21:41:47,144",
            "thread_id": "12436",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ffc14481a00"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 199
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94096",
            "parentcaller": "0x7ff780a95b4a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff780c24000"
              },
              {
                "name": "ModuleName",
                "value": "identity_helper.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000008",
                "pretty_value": "PAGE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 200
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94a67",
            "parentcaller": "0x7ff780a949e7",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-fibers-l1-1-2"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2ad50000"
              }
            ],
            "repeated": 0,
            "id": 201
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94a67",
            "parentcaller": "0x7ff780a949e7",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc2ad50000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-core-fibers-l1-1-2"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 202
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94b98",
            "parentcaller": "0x7ff780a949e7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ad50000"
              },
              {
                "name": "FunctionName",
                "value": "FlsGetValue2"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 203
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94b17",
            "parentcaller": "0x7ff780a949e7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff780c24000"
              },
              {
                "name": "ModuleName",
                "value": "identity_helper.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 204
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94b48",
            "parentcaller": "0x7ff780a949e7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff780c24000"
              },
              {
                "name": "ModuleName",
                "value": "identity_helper.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 205
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a01500",
            "parentcaller": "0x7ff780a57156",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "bcryptprimitives.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b0c0000"
              }
            ],
            "repeated": 0,
            "id": 206
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a01500",
            "parentcaller": "0x7ff780a57156",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc2b0c0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "bcryptprimitives.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 207
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a01519",
            "parentcaller": "0x7ff780a57156",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "bcryptprimitives.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2b0c0000"
              },
              {
                "name": "FunctionName",
                "value": "ProcessPrng"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2b0d5010"
              }
            ],
            "repeated": 0,
            "id": 208
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a5805c",
            "parentcaller": "0x7ff780a58237",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xe1000000000"
              },
              {
                "name": "RegionSize",
                "value": "0x800000000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 209
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a5805c",
            "parentcaller": "0x7ff780a58237",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x56066f810000"
              },
              {
                "name": "RegionSize",
                "value": "0x400000000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 210
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a580d8",
            "parentcaller": "0x7ff780a0297f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x56066f811000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 211
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a02b9b",
            "parentcaller": "0x7ff780a0254f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xe1000004000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 212
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a02b9b",
            "parentcaller": "0x7ff780a0254f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xe1000008000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 213
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94faa",
            "parentcaller": "0x7ff780a95b4a",
            "category": "misc",
            "api": "GetCommandLineA",
            "status": true,
            "return": "0x22b07a05850",
            "arguments": [
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\identity_helper.exe\" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=windows_package_identity --skip-read-main-dll --metrics-shmem-handle=5004,i,10041185329265187298,11074568154246322711,524288 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708995682289984 --mojo-platform-channel-handle=3944 /prefetch:8"
              }
            ],
            "repeated": 0,
            "id": 214
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94fb7",
            "parentcaller": "0x7ff780a95b4a",
            "category": "misc",
            "api": "GetCommandLineW",
            "status": true,
            "return": "0x22b07a03e96",
            "arguments": [
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\identity_helper.exe\" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=windows_package_identity --skip-read-main-dll --metrics-shmem-handle=5004,i,10041185329265187298,11074568154246322711,524288 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708995682289984 --mojo-platform-channel-handle=3944 /prefetch:8"
              }
            ],
            "repeated": 0,
            "id": 215
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a02b9b",
            "parentcaller": "0x7ff780a0254f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xe1000018000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 216
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94a67",
            "parentcaller": "0x7ff780a94607",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-localization-l1-2-1"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2ad50000"
              }
            ],
            "repeated": 0,
            "id": 217
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94a67",
            "parentcaller": "0x7ff780a94607",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc2ad50000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-core-localization-l1-2-1"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 218
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94b98",
            "parentcaller": "0x7ff780a94607",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ad50000"
              },
              {
                "name": "FunctionName",
                "value": "LCMapStringEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2ad6d3c0"
              }
            ],
            "repeated": 0,
            "id": 219
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94b17",
            "parentcaller": "0x7ff780a94607",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff780c24000"
              },
              {
                "name": "ModuleName",
                "value": "identity_helper.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 220
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94b48",
            "parentcaller": "0x7ff780a94607",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff780c24000"
              },
              {
                "name": "ModuleName",
                "value": "identity_helper.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 221
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a02b9b",
            "parentcaller": "0x7ff780a0254f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xe1000028000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 222
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a02b9b",
            "parentcaller": "0x7ff780a0254f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xe100002c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 223
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a9b002",
            "parentcaller": "0x7ff780a85732",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a25000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 224
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a02b9b",
            "parentcaller": "0x7ff780a0254f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xe1000038000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 225
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a02b9b",
            "parentcaller": "0x7ff780a0254f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xe100003c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 226
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a02b9b",
            "parentcaller": "0x7ff780a0254f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xe1000048000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 227
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a02b9b",
            "parentcaller": "0x7ff780a0254f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xe100004c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 228
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a02b9b",
            "parentcaller": "0x7ff780a0254f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xe100005c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 229
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a02b9b",
            "parentcaller": "0x7ff780a0254f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xe100006c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 230
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a02b9b",
            "parentcaller": "0x7ff780a0254f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xe1000070000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 231
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a02b9b",
            "parentcaller": "0x7ff780a0254f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xe1000080000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 232
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a02b9b",
            "parentcaller": "0x7ff780a0254f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xe100008c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 233
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a02b9b",
            "parentcaller": "0x7ff780a0254f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xe1000098000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 234
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a02b9b",
            "parentcaller": "0x7ff780a0254f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xe100009c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 235
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a02b9b",
            "parentcaller": "0x7ff780a0254f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xe10000ac000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 236
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a22d71",
            "parentcaller": "0x7ff780a85bf2",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2cff0000"
              }
            ],
            "repeated": 0,
            "id": 237
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a22d81",
            "parentcaller": "0x7ff780a85bf2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2cff0000"
              },
              {
                "name": "FunctionName",
                "value": "GetSystemTimePreciseAsFileTime"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d015350"
              }
            ],
            "repeated": 0,
            "id": 238
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a02b9b",
            "parentcaller": "0x7ff780a0254f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xe10000b4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 239
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a02b9b",
            "parentcaller": "0x7ff780a0254f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xe10000b8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 240
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94a67",
            "parentcaller": "0x7ff780a94834",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "kernel32"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2cff0000"
              }
            ],
            "repeated": 0,
            "id": 241
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94a67",
            "parentcaller": "0x7ff780a94834",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc2cff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "kernel32"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 242
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94b98",
            "parentcaller": "0x7ff780a94834",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2cff0000"
              },
              {
                "name": "FunctionName",
                "value": "AreFileApisANSI"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d010f00"
              }
            ],
            "repeated": 0,
            "id": 243
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94b17",
            "parentcaller": "0x7ff780a94834",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff780c24000"
              },
              {
                "name": "ModuleName",
                "value": "identity_helper.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 244
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94b48",
            "parentcaller": "0x7ff780a94834",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff780c24000"
              },
              {
                "name": "ModuleName",
                "value": "identity_helper.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 245
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94a67",
            "parentcaller": "0x7ff780a94839",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-string-l1-1-0"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2ad50000"
              }
            ],
            "repeated": 0,
            "id": 246
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94a67",
            "parentcaller": "0x7ff780a94839",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc2ad50000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-core-string-l1-1-0"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 247
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94b98",
            "parentcaller": "0x7ff780a94839",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ad50000"
              },
              {
                "name": "FunctionName",
                "value": "CompareStringEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2ad77130"
              }
            ],
            "repeated": 0,
            "id": 248
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94b17",
            "parentcaller": "0x7ff780a94839",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff780c24000"
              },
              {
                "name": "ModuleName",
                "value": "identity_helper.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 249
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94b48",
            "parentcaller": "0x7ff780a94839",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff780c24000"
              },
              {
                "name": "ModuleName",
                "value": "identity_helper.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 250
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94b98",
            "parentcaller": "0x7ff780a94862",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ad50000"
              },
              {
                "name": "FunctionName",
                "value": "EnumSystemLocalesEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2add7f40"
              }
            ],
            "repeated": 0,
            "id": 251
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94b17",
            "parentcaller": "0x7ff780a94862",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff780c24000"
              },
              {
                "name": "ModuleName",
                "value": "identity_helper.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 252
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94b48",
            "parentcaller": "0x7ff780a94862",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff780c24000"
              },
              {
                "name": "ModuleName",
                "value": "identity_helper.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 253
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94a67",
            "parentcaller": "0x7ff780a9488b",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-datetime-l1-1-1"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2ad50000"
              }
            ],
            "repeated": 0,
            "id": 254
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94a67",
            "parentcaller": "0x7ff780a9488b",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc2ad50000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-core-datetime-l1-1-1"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 255
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94b98",
            "parentcaller": "0x7ff780a9488b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ad50000"
              },
              {
                "name": "FunctionName",
                "value": "GetDateFormatEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2adc55b0"
              }
            ],
            "repeated": 0,
            "id": 256
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94b17",
            "parentcaller": "0x7ff780a9488b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff780c24000"
              },
              {
                "name": "ModuleName",
                "value": "identity_helper.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 257
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94b48",
            "parentcaller": "0x7ff780a9488b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff780c24000"
              },
              {
                "name": "ModuleName",
                "value": "identity_helper.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 258
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94b98",
            "parentcaller": "0x7ff780a948b4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ad50000"
              },
              {
                "name": "FunctionName",
                "value": "GetLocaleInfoEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2ad70210"
              }
            ],
            "repeated": 0,
            "id": 259
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94b17",
            "parentcaller": "0x7ff780a948b4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff780c24000"
              },
              {
                "name": "ModuleName",
                "value": "identity_helper.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 260
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94b48",
            "parentcaller": "0x7ff780a948b4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff780c24000"
              },
              {
                "name": "ModuleName",
                "value": "identity_helper.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 261
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94b98",
            "parentcaller": "0x7ff780a948dd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ad50000"
              },
              {
                "name": "FunctionName",
                "value": "GetTimeFormatEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2adcd1a0"
              }
            ],
            "repeated": 0,
            "id": 262
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94b17",
            "parentcaller": "0x7ff780a948dd",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff780c24000"
              },
              {
                "name": "ModuleName",
                "value": "identity_helper.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 263
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94b48",
            "parentcaller": "0x7ff780a948dd",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff780c24000"
              },
              {
                "name": "ModuleName",
                "value": "identity_helper.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 264
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94b98",
            "parentcaller": "0x7ff780a94906",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ad50000"
              },
              {
                "name": "FunctionName",
                "value": "GetUserDefaultLocaleName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2ad8ae80"
              }
            ],
            "repeated": 0,
            "id": 265
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94b17",
            "parentcaller": "0x7ff780a94906",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff780c24000"
              },
              {
                "name": "ModuleName",
                "value": "identity_helper.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 266
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94b48",
            "parentcaller": "0x7ff780a94906",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff780c24000"
              },
              {
                "name": "ModuleName",
                "value": "identity_helper.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 267
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94b98",
            "parentcaller": "0x7ff780a9492f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ad50000"
              },
              {
                "name": "FunctionName",
                "value": "IsValidLocaleName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2ad6ad90"
              }
            ],
            "repeated": 0,
            "id": 268
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94b17",
            "parentcaller": "0x7ff780a9492f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff780c24000"
              },
              {
                "name": "ModuleName",
                "value": "identity_helper.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 269
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94b48",
            "parentcaller": "0x7ff780a9492f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff780c24000"
              },
              {
                "name": "ModuleName",
                "value": "identity_helper.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 270
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94a67",
            "parentcaller": "0x7ff780a94981",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-localization-obsolete-l1-2-0"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2ad50000"
              }
            ],
            "repeated": 0,
            "id": 271
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94a67",
            "parentcaller": "0x7ff780a94981",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc2ad50000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-core-localization-obsolete-l1-2-0"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 272
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94b98",
            "parentcaller": "0x7ff780a94981",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ad50000"
              },
              {
                "name": "FunctionName",
                "value": "LCIDToLocaleName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2ad6ae60"
              }
            ],
            "repeated": 0,
            "id": 273
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94b17",
            "parentcaller": "0x7ff780a94981",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff780c24000"
              },
              {
                "name": "ModuleName",
                "value": "identity_helper.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 274
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94b48",
            "parentcaller": "0x7ff780a94981",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff780c24000"
              },
              {
                "name": "ModuleName",
                "value": "identity_helper.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 275
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94b98",
            "parentcaller": "0x7ff780a949aa",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ad50000"
              },
              {
                "name": "FunctionName",
                "value": "LocaleNameToLCID"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2adc0070"
              }
            ],
            "repeated": 0,
            "id": 276
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94b17",
            "parentcaller": "0x7ff780a949aa",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff780c24000"
              },
              {
                "name": "ModuleName",
                "value": "identity_helper.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 277
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a94b48",
            "parentcaller": "0x7ff780a949aa",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff780c24000"
              },
              {
                "name": "ModuleName",
                "value": "identity_helper.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 278
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a26e14",
            "parentcaller": "0x7ff780a26b29",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              }
            ],
            "repeated": 0,
            "id": 279
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a26e24",
            "parentcaller": "0x7ff780a26b29",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlGetDeviceFamilyInfoEnum"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d12f850"
              }
            ],
            "repeated": 0,
            "id": 280
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a26e44",
            "parentcaller": "0x7ff780a26b29",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000204"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\Windows NT\\CurrentVersion\\OEM"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\OEM"
              }
            ],
            "repeated": 0,
            "id": 281
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a26e44",
            "parentcaller": "0x7ff780a26b29",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000204"
              },
              {
                "name": "ValueName",
                "value": "DeviceForm"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\OEM\\DeviceForm"
              }
            ],
            "repeated": 0,
            "id": 282
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a26e44",
            "parentcaller": "0x7ff780a26b29",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000204"
              }
            ],
            "repeated": 0,
            "id": 283
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780ad68ce",
            "parentcaller": "0x7ff7809bad91",
            "category": "misc",
            "api": "GetCommandLineW",
            "status": true,
            "return": "0x22b07a03e96",
            "arguments": [
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\identity_helper.exe\" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=windows_package_identity --skip-read-main-dll --metrics-shmem-handle=5004,i,10041185329265187298,11074568154246322711,524288 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708995682289984 --mojo-platform-channel-handle=3944 /prefetch:8"
              }
            ],
            "repeated": 0,
            "id": 284
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a54315",
            "parentcaller": "0x7ff780ad692b",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\shcore"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2b150000"
              }
            ],
            "repeated": 0,
            "id": 285
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a54315",
            "parentcaller": "0x7ff780ad692b",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 286
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a54315",
            "parentcaller": "0x7ff780ad692b",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-downlevel-shell32-l1-1-0.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b150000"
              }
            ],
            "repeated": 0,
            "id": 287
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a54315",
            "parentcaller": "0x7ff780ad692b",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc2b150000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-downlevel-shell32-l1-1-0.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 288
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a54331",
            "parentcaller": "0x7ff780ad692b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2b150000"
              },
              {
                "name": "FunctionName",
                "value": "CommandLineToArgvW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2b16eb30"
              }
            ],
            "repeated": 0,
            "id": 289
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a54348",
            "parentcaller": "0x7ff780ad692b",
            "category": "misc",
            "api": "CommandLineToArgvW",
            "status": true,
            "return": "0x22b07a24b70",
            "arguments": [
              {
                "name": "CommandLine",
                "value": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\identity_helper.exe\" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=windows_package_identity --skip-read-main-dll --metrics-shmem-handle=5004,i,10041185329265187298,11074568154246322711,524288 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708995682289984 --mojo-platform-channel-handle=3944 /prefetch:8"
              },
              {
                "name": "NumArgs",
                "value": "13"
              }
            ],
            "repeated": 0,
            "id": 290
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a02b9b",
            "parentcaller": "0x7ff780a0254f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xe10000c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 291
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a02b9b",
            "parentcaller": "0x7ff780a0254f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xe10000d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 292
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a02b9b",
            "parentcaller": "0x7ff780a0254f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xe10000dc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 293
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a54398",
            "parentcaller": "0x7ff780ad692b",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a26000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 294
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a54398",
            "parentcaller": "0x7ff780ad692b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000204"
              }
            ],
            "repeated": 0,
            "id": 295
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a54398",
            "parentcaller": "0x7ff780ad692b",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              }
            ],
            "repeated": 0,
            "id": 296
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a54398",
            "parentcaller": "0x7ff780ad692b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d153410"
              }
            ],
            "repeated": 0,
            "id": 297
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a54398",
            "parentcaller": "0x7ff780ad692b",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\shcore"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2b150000"
              }
            ],
            "repeated": 0,
            "id": 298
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a54398",
            "parentcaller": "0x7ff780ad692b",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b150000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 299
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a02b20",
            "parentcaller": "0x7ff780a01bb6",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xe10000b8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 300
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a02b20",
            "parentcaller": "0x7ff780a01bb6",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xe10000dc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 301
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff7809bade6",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2cff0000"
              }
            ],
            "repeated": 0,
            "id": 302
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff7809badf6",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2cff0000"
              },
              {
                "name": "FunctionName",
                "value": "WerRegisterCustomMetadata"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d02bbf0"
              }
            ],
            "repeated": 0,
            "id": 303
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff7809bae16",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b093f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 304
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff7809bae16",
            "parentcaller": "0x7ff780a74f22",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000204"
              },
              {
                "name": "MutexName",
                "value": ""
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 305
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff7809bae16",
            "parentcaller": "0x7ff780a74f22",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 306
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff7809bae16",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000204"
              },
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 307
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff7809bae16",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b09e40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 308
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff7809bae16",
            "parentcaller": "0x7ff780a74f22",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000204"
              }
            ],
            "repeated": 0,
            "id": 309
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff7809bae81",
            "parentcaller": "0x7ff780a74f22",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 310
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff7809bae81",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000204"
              },
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 311
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff7809bae81",
            "parentcaller": "0x7ff780a74f22",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000204"
              }
            ],
            "repeated": 0,
            "id": 312
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff7809baf7f",
            "parentcaller": "0x7ff780a74f22",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 313
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff7809baf7f",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000204"
              },
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 314
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff7809baf7f",
            "parentcaller": "0x7ff780a74f22",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000204"
              }
            ],
            "repeated": 0,
            "id": 315
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a02b9b",
            "parentcaller": "0x7ff780a0254f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xe10000e8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 316
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a02b20",
            "parentcaller": "0x7ff780a01bb6",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xe10000c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 317
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a02b20",
            "parentcaller": "0x7ff780a01bb6",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xe10000e8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 318
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a55da1",
            "parentcaller": "0x7ff780b69e0b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000208"
              }
            ],
            "repeated": 0,
            "id": 319
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a2ab91",
            "parentcaller": "0x7ff7809d6aa9",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "bcryptprimitives.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b0c0000"
              }
            ],
            "repeated": 0,
            "id": 320
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a2ab91",
            "parentcaller": "0x7ff7809d6aa9",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc2b0c0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "bcryptprimitives.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 321
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a2abaa",
            "parentcaller": "0x7ff7809d6aa9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "bcryptprimitives.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2b0c0000"
              },
              {
                "name": "FunctionName",
                "value": "ProcessPrng"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2b0d5010"
              }
            ],
            "repeated": 0,
            "id": 322
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a02b9b",
            "parentcaller": "0x7ff780a0254f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xe10000c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 323
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a2b5e6",
            "parentcaller": "0x7ff780a5308f",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\148.0.3967.83\\msedge.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 324
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a2b5e6",
            "parentcaller": "0x7ff780a5308f",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000208"
              },
              {
                "name": "DesiredAccess",
                "value": "0xa0100080",
                "pretty_value": "GENERIC_READ|GENERIC_EXECUTE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\msedge.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 325
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a2ba1c",
            "parentcaller": "0x7ff780a2bc6d",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000020c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000208"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\msedge.dll"
              }
            ],
            "repeated": 0,
            "id": 326
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a2ba51",
            "parentcaller": "0x7ff780a2bc6d",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x40000003",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000020c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b0e000000"
              },
              {
                "name": "SectionOffset",
                "value": "0x5093d9f680"
              },
              {
                "name": "ViewSize",
                "value": "0x136be000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 327
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a2be04",
            "parentcaller": "0x7ff780a2c9a4",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2cff0000"
              }
            ],
            "repeated": 0,
            "id": 328
          },
          {
            "timestamp": "2026-05-28 21:41:47,160",
            "thread_id": "12324",
            "caller": "0x7ff780a2be14",
            "parentcaller": "0x7ff780a2c9a4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2cff0000"
              },
              {
                "name": "FunctionName",
                "value": "PrefetchVirtualMemory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2add6590"
              }
            ],
            "repeated": 0,
            "id": 329
          },
          {
            "timestamp": "2026-05-28 21:41:47,176",
            "thread_id": "12324",
            "caller": "0x7ff780a2bd36",
            "parentcaller": "0x7ff780a51e1d",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b0e000000"
              },
              {
                "name": "RegionSize",
                "value": "0x136be000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 330
          },
          {
            "timestamp": "2026-05-28 21:41:47,176",
            "thread_id": "12324",
            "caller": "0x7ff780a2698c",
            "parentcaller": "0x7ff7809d4c5a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "identity_helper.exe"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff7809a0000"
              },
              {
                "name": "FunctionName",
                "value": "GetHandleVerifier"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff780a26850"
              }
            ],
            "repeated": 0,
            "id": 331
          },
          {
            "timestamp": "2026-05-28 21:41:47,176",
            "thread_id": "12324",
            "caller": "0x7ff780a02b9b",
            "parentcaller": "0x7ff780a0254f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xe10000f8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 332
          },
          {
            "timestamp": "2026-05-28 21:41:47,176",
            "thread_id": "12324",
            "caller": "0x7ff7809d4cc2",
            "parentcaller": "0x7ff780a2bd52",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "71"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 333
          },
          {
            "timestamp": "2026-05-28 21:41:47,176",
            "thread_id": "12324",
            "caller": "0x7ff7809d4cc2",
            "parentcaller": "0x7ff780a2bd52",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000020c"
              }
            ],
            "repeated": 0,
            "id": 334
          },
          {
            "timestamp": "2026-05-28 21:41:47,176",
            "thread_id": "12324",
            "caller": "0x7ff7809d4cc2",
            "parentcaller": "0x7ff7809d6db8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000208"
              }
            ],
            "repeated": 0,
            "id": 335
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb3c0",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\msedge"
              },
              {
                "name": "DllBase",
                "value": "0x7ffbbe9a0000"
              }
            ],
            "repeated": 0,
            "id": 336
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb3c0",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-fibers-l1-1-2"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2ad50000"
              }
            ],
            "repeated": 0,
            "id": 337
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb3c0",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "bcryptprimitives.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b0c0000"
              }
            ],
            "repeated": 0,
            "id": 338
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb3c0",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-localization-l1-2-1"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2ad50000"
              }
            ],
            "repeated": 0,
            "id": 339
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb3c0",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "kernel32"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2cff0000"
              }
            ],
            "repeated": 0,
            "id": 340
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb3c0",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-string-l1-1-0"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2ad50000"
              }
            ],
            "repeated": 0,
            "id": 341
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb3c0",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-datetime-l1-1-1"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2ad50000"
              }
            ],
            "repeated": 0,
            "id": 342
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb3c0",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-localization-obsolete-l1-2-0"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2ad50000"
              }
            ],
            "repeated": 0,
            "id": 343
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb3c0",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "bcryptprimitives.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b0c0000"
              }
            ],
            "repeated": 0,
            "id": 344
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb3c0",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\msedge.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffbbe9a0000"
              }
            ],
            "repeated": 0,
            "id": 345
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb3c0",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffbbe9a0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\msedge.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 346
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb5f1",
            "parentcaller": "0x7ff780a74f22",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000208"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ff7809bb680"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "12644"
              },
              {
                "name": "ProcessId",
                "value": "12320"
              },
              {
                "name": "Module",
                "value": "identity_helper.exe"
              }
            ],
            "repeated": 0,
            "id": 347
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb5f1",
            "parentcaller": "0x7ff780a74f22",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x00000208",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ff7809bb680"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "12644"
              },
              {
                "name": "ProcessId",
                "value": "12320"
              }
            ],
            "repeated": 0,
            "id": 348
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb620",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "msedge.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffbbe9a0000"
              },
              {
                "name": "FunctionName",
                "value": "ChromeMain"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffbbfcaa5c0"
              }
            ],
            "repeated": 0,
            "id": 349
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980009c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 350
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ffc2d16507d",
            "parentcaller": "0x7ffc2d164c43",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 351
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff7809bb680"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 352
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x4498000b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 353
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x4498000bc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 354
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x4498000c8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 355
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ucrtbase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2aaf0000"
              }
            ],
            "repeated": 0,
            "id": 356
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ucrtbase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2aaf0000"
              },
              {
                "name": "FunctionName",
                "value": "signal"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2ab618e0"
              }
            ],
            "repeated": 0,
            "id": 357
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x4498000d8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 358
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x4498000e4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 359
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x4498000f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 360
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449800038000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 361
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449800090000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 362
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\uxtheme"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc28160000"
              }
            ],
            "repeated": 0,
            "id": 363
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2ced0000"
              }
            ],
            "repeated": 0,
            "id": 364
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc2ced0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 365
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ced0000"
              },
              {
                "name": "FunctionName",
                "value": "EventRegister"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d132e80"
              }
            ],
            "repeated": 0,
            "id": 366
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ced0000"
              },
              {
                "name": "FunctionName",
                "value": "EventSetInformation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d132af0"
              }
            ],
            "repeated": 0,
            "id": 367
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449800100000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 368
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449800108000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 369
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\uxtheme.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc28160000"
              }
            ],
            "repeated": 0,
            "id": 370
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc28160000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\system32\\uxtheme.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 371
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "uxtheme.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc28160000"
              },
              {
                "name": "FunctionName",
                "value": "ThemeInitApiHook"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2816cde0"
              }
            ],
            "repeated": 0,
            "id": 372
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 373
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xf1o\\x94P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 374
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000260"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 375
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x0000025c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ffbbfc69bd0"
              },
              {
                "name": "Parameter",
                "value": "0x44980006c100"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "12652"
              },
              {
                "name": "ProcessId",
                "value": "12320"
              },
              {
                "name": "Module",
                "value": "msedge.dll"
              }
            ],
            "repeated": 0,
            "id": 376
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x0000025c",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ffbbfc69bd0"
              },
              {
                "name": "Parameter",
                "value": "0x44980006c100"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "12652"
              },
              {
                "name": "ProcessId",
                "value": "12320"
              }
            ],
            "repeated": 0,
            "id": 377
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12652",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a36000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 378
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000260"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 379
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449800029000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 380
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000268"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000260"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize"
              }
            ],
            "repeated": 0,
            "id": 381
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "identity_helper.exe"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff7809a0000"
              },
              {
                "name": "FunctionName",
                "value": "GetHandleVerifier"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff780a26850"
              }
            ],
            "repeated": 0,
            "id": 382
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000268"
              },
              {
                "name": "ValueName",
                "value": "AppsUseLightTheme"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize\\AppsUseLightTheme"
              }
            ],
            "repeated": 0,
            "id": 383
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980010c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 384
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980011c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 385
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449800124000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 386
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000268"
              }
            ],
            "repeated": 0,
            "id": 387
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000260"
              }
            ],
            "repeated": 0,
            "id": 388
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000268"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\icudtl.dat"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 389
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 390
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000270"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "MSCTF.dll"
              }
            ],
            "repeated": 0,
            "id": 391
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000026c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000268"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\icudtl.dat"
              }
            ],
            "repeated": 0,
            "id": 392
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b35c000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 393
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b35c000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 394
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b35c000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 395
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b35b000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 396
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000270"
              }
            ],
            "repeated": 0,
            "id": 397
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b35b000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 398
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "35"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x0b\\x00\\x00\\x00\\x02\\x00\\x00\\x00g\\x00r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00i\\x00l\\x00e\\x00s\\x00\\x02\\x00\\x00\\x00x\\x008\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00i\\x00c\\x00r\\x00o\\x00\\x02\\x00\\x00\\x00f\\x00t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00e\\x00\\\\x00A\\x00p\\x00\\x02\\x00\\x00\\x00i\\x00c\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00n\\x00\\\\x001\\x004\\x00\\x02\\x00\\x00\\x000\\x00.\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00.\\x008\\x003\\x00\\\\x00\\x02\\x00\\x00\\x00u\\x00d\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00a\\x00t\\x00\\x00\\x00\\x02\\x00\\x02\\x00\\x00\\x00\\x05\\xc0?W\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 399
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\MSCTF"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2b280000"
              }
            ],
            "repeated": 0,
            "id": 400
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000268"
              },
              {
                "name": "HandleName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\icudtl.dat"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x000\\xbe\\x00\\x00\\x00\\x00\\x00\\x00%\\xbe\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 401
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000026c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b0c400000"
              },
              {
                "name": "SectionOffset",
                "value": "0x5093d9e850"
              },
              {
                "name": "ViewSize",
                "value": "0x00be3000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 402
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12652",
            "caller": "0x7ffc2d16507d",
            "parentcaller": "0x7ffc2d164c43",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 403
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12652",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ffbbfc69bd0"
              },
              {
                "name": "Parameter",
                "value": "0x44980006c100"
              }
            ],
            "repeated": 0,
            "id": 404
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12652",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffbbfc69c51",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000274"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 405
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12652",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9fe48",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x3b98e8d31000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 406
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12652",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449800204000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 407
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12652",
            "caller": "0x7ffc2ad7e76a",
            "parentcaller": "0x7ffbbfc6ef1b",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "Kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2cff0000"
              }
            ],
            "repeated": 0,
            "id": 408
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12652",
            "caller": "0x7ffc2adb156c",
            "parentcaller": "0x7ffbbfc6ef2b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2cff0000"
              },
              {
                "name": "FunctionName",
                "value": "SetThreadDescription"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2adc39c0"
              }
            ],
            "repeated": 0,
            "id": 409
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12652",
            "caller": "0x7ffbbfc6eecc",
            "parentcaller": "0x7ffbbfcaa10d",
            "category": "threading",
            "api": "SetThreadDescription",
            "status": true,
            "return": "0x10000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadDescription",
                "value": "LoaderLockSampler"
              }
            ],
            "repeated": 0,
            "id": 410
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12652",
            "caller": "0x7ffbbfc6eee8",
            "parentcaller": "0x7ffbbfcaa10d",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 411
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000027c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\v8_context_snapshot.bin"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 412
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12652",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffbbfbaeec1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000278"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 1,
            "id": 413
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000280"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x0000027c"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\v8_context_snapshot.bin"
              }
            ],
            "repeated": 0,
            "id": 414
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000027c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\v8_context_snapshot.bin"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00@\\x0b\\x00\\x00\\x00\\x00\\x00\\x88=\\x0b\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 415
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000280"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x5093d9eea0"
              },
              {
                "name": "ViewSize",
                "value": "0x000b4000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 416
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\msctf"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b280000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffc2b2c0760"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 417
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2ce49000"
              },
              {
                "name": "ModuleName",
                "value": "IMM32.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 418
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2ce49000"
              },
              {
                "name": "ModuleName",
                "value": "IMM32.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 419
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000288"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\msedge_100_percent.pak"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 420
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2ce49000"
              },
              {
                "name": "ModuleName",
                "value": "IMM32.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 421
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2ce49000"
              },
              {
                "name": "ModuleName",
                "value": "IMM32.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 422
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2cb78000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 423
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2cb78000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 424
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000290"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 425
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000290"
              },
              {
                "name": "ValueName",
                "value": "en-US"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US"
              }
            ],
            "repeated": 0,
            "id": 426
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000290"
              }
            ],
            "repeated": 0,
            "id": 427
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000290"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 428
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000290"
              },
              {
                "name": "ValueName",
                "value": "en-US"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US"
              }
            ],
            "repeated": 0,
            "id": 429
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000290"
              }
            ],
            "repeated": 0,
            "id": 430
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000288"
              },
              {
                "name": "HandleName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\msedge_100_percent.pak"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\xb0\\x13\\x00\\x00\\x00\\x00\\x00\\xf7\\xa4\\x13\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 431
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000294"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b0e000000"
              },
              {
                "name": "SectionOffset",
                "value": "0x5093d9e600"
              },
              {
                "name": "ViewSize",
                "value": "0x0013b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 432
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000298"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\Sessions\\1\\Windows\\ThemeSection"
              }
            ],
            "repeated": 0,
            "id": 433
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000029c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\Windows\\Theme661499817"
              }
            ],
            "repeated": 0,
            "id": 434
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\Sessions\\1\\Windows\\Theme2324452754"
              }
            ],
            "repeated": 0,
            "id": 435
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b09f20000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 436
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000290"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\msedge_200_percent.pak"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 437
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              }
            ],
            "repeated": 0,
            "id": 438
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d0f93b0"
              }
            ],
            "repeated": 0,
            "id": 439
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d18fc40"
              }
            ],
            "repeated": 0,
            "id": 440
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d132460"
              }
            ],
            "repeated": 0,
            "id": 441
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000028c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000290"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\msedge_200_percent.pak"
              }
            ],
            "repeated": 0,
            "id": 442
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 443
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 444
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a8"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 445
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 446
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ac"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 447
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ac"
              }
            ],
            "repeated": 0,
            "id": 448
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a8"
              }
            ],
            "repeated": 0,
            "id": 449
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a4"
              }
            ],
            "repeated": 0,
            "id": 450
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12644",
            "caller": "0x7ff7809bb737",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a4"
              }
            ],
            "repeated": 0,
            "id": 451
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000290"
              },
              {
                "name": "HandleName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\msedge_200_percent.pak"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00`\\x1e\\x00\\x00\\x00\\x00\\x00cY\\x1e\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 452
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000028c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b0e140000"
              },
              {
                "name": "SectionOffset",
                "value": "0x5093d9e600"
              },
              {
                "name": "ViewSize",
                "value": "0x001e6000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 453
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980012c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 454
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980012d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 455
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449800138000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 456
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449800140000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 457
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x4498000e4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 458
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980011c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 459
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449800138000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 460
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449800148000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 461
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449800140000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 462
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x4498000e4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 463
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980011c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 464
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449800138000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 465
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449800140000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 466
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980014c000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 467
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x4498000e4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 468
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449800138000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 469
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449800140000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 470
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980015c000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000a000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 471
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980014c000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 472
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449800125000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 473
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\Locales"
              }
            ],
            "repeated": 0,
            "id": 474
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\Locales\\en-US.pak"
              }
            ],
            "repeated": 0,
            "id": 475
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000298"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\Locales\\en-US.pak"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 476
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000298"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\Locales\\en-US.pak"
              }
            ],
            "repeated": 0,
            "id": 477
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000298"
              },
              {
                "name": "HandleName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\Locales\\en-US.pak"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00`\r\\x00\\x00\\x00\\x00\\x00 U\r\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 478
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002a8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b0e330000"
              },
              {
                "name": "SectionOffset",
                "value": "0x5093d9e610"
              },
              {
                "name": "ViewSize",
                "value": "0x000d6000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 479
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000002ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\resources.pak"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 480
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000002ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\resources.pak"
              }
            ],
            "repeated": 0,
            "id": 481
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000002ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\resources.pak"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00P\\x1d\\x02\\x00\\x00\\x00\\x00LA\\x1d\\x02\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 482
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002b0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b0e410000"
              },
              {
                "name": "SectionOffset",
                "value": "0x5093d9e710"
              },
              {
                "name": "ViewSize",
                "value": "0x021d5000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 483
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449800168000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 484
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980000a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 485
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ced0000"
              },
              {
                "name": "FunctionName",
                "value": "RegisterTraceGuidsW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d132a10"
              }
            ],
            "repeated": 0,
            "id": 486
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ced0000"
              },
              {
                "name": "FunctionName",
                "value": "OpenProcessToken"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2cee6ac0"
              }
            ],
            "repeated": 0,
            "id": 487
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000002b8"
              }
            ],
            "repeated": 0,
            "id": 488
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ced0000"
              },
              {
                "name": "FunctionName",
                "value": "GetTokenInformation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2cee61d0"
              }
            ],
            "repeated": 0,
            "id": 489
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 490
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xc7\\x04\\x00\\x98D\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 491
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ced0000"
              },
              {
                "name": "FunctionName",
                "value": "IsValidSid"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2cee6d80"
              }
            ],
            "repeated": 0,
            "id": 492
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ced0000"
              },
              {
                "name": "FunctionName",
                "value": "GetLengthSid"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2cee68c0"
              }
            ],
            "repeated": 0,
            "id": 493
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ced0000"
              },
              {
                "name": "FunctionName",
                "value": "ConvertSidToStringSidW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2cee5a70"
              }
            ],
            "repeated": 0,
            "id": 494
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809d4c88",
            "parentcaller": "0x7ff7809bb649",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b8"
              }
            ],
            "repeated": 0,
            "id": 495
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980016c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 496
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980016c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 497
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980016c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 498
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980016c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 499
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              }
            ],
            "repeated": 0,
            "id": 500
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlGetDeviceFamilyInfoEnum"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d12f850"
              }
            ],
            "repeated": 0,
            "id": 501
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\Windows NT\\CurrentVersion\\OEM"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\OEM"
              }
            ],
            "repeated": 0,
            "id": 502
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002b8"
              },
              {
                "name": "ValueName",
                "value": "DeviceForm"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\OEM\\DeviceForm"
              }
            ],
            "repeated": 0,
            "id": 503
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b8"
              }
            ],
            "repeated": 0,
            "id": 504
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "USER32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2c7c0000"
              }
            ],
            "repeated": 0,
            "id": 505
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc2c7c0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "USER32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 506
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c7c0000"
              },
              {
                "name": "FunctionName",
                "value": "PostThreadMessageW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2c7e7ee0"
              }
            ],
            "repeated": 0,
            "id": 507
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "windows",
            "api": "PostThreadMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessId",
                "value": "12320"
              },
              {
                "name": "ThreadId",
                "value": "12324"
              },
              {
                "name": "Message",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 508
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c7c0000"
              },
              {
                "name": "FunctionName",
                "value": "PeekMessageW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2c7ca3e0"
              }
            ],
            "repeated": 0,
            "id": 509
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              }
            ],
            "repeated": 0,
            "id": 510
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "NtQuerySection"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d18d9f0"
              }
            ],
            "repeated": 0,
            "id": 511
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": false,
            "return": "0xffffffffc0000022",
            "pretty_return": "ACCESS_DENIED",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000940"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000000"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 512
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "0",
                "pretty_value": "SystemBasicInformation"
              }
            ],
            "repeated": 0,
            "id": 513
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "1",
                "pretty_value": "SystemProcessorInformation"
              }
            ],
            "repeated": 0,
            "id": 514
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "api-ms-win-core-wow64-l1-1-1.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ad50000"
              }
            ],
            "repeated": 0,
            "id": 515
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ad50000"
              },
              {
                "name": "FunctionName",
                "value": "IsWow64Process2"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2adc70e0"
              }
            ],
            "repeated": 0,
            "id": 516
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ced0000"
              },
              {
                "name": "FunctionName",
                "value": "RegOpenKeyExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2cee6180"
              }
            ],
            "repeated": 0,
            "id": 517
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"
              },
              {
                "name": "Handle",
                "value": "0x000002b8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"
              }
            ],
            "repeated": 0,
            "id": 518
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ced0000"
              },
              {
                "name": "FunctionName",
                "value": "RegQueryValueExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2cee6160"
              }
            ],
            "repeated": 0,
            "id": 519
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b8"
              },
              {
                "name": "ValueName",
                "value": "UBR"
              },
              {
                "name": "Data",
                "value": "3803"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\UBR"
              }
            ],
            "repeated": 0,
            "id": 520
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b8"
              },
              {
                "name": "ValueName",
                "value": "DisplayVersion"
              },
              {
                "name": "Data",
                "value": "22H2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\DisplayVersion"
              }
            ],
            "repeated": 0,
            "id": 521
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ced0000"
              },
              {
                "name": "FunctionName",
                "value": "RegCloseKey"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2cee6930"
              }
            ],
            "repeated": 0,
            "id": 522
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b8"
              }
            ],
            "repeated": 0,
            "id": 523
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2cff0000"
              }
            ],
            "repeated": 0,
            "id": 524
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2cff0000"
              },
              {
                "name": "FunctionName",
                "value": "IsWow64Process2"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2adc70e0"
              }
            ],
            "repeated": 0,
            "id": 525
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000940"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b09f40000"
              },
              {
                "name": "SectionOffset",
                "value": "0x5093d9eef0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 526
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b09f40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 527
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809d4c88",
            "parentcaller": "0x7ff7809bb649",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000940"
              }
            ],
            "repeated": 0,
            "id": 528
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000138c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000940"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 529
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000940"
              }
            ],
            "repeated": 0,
            "id": 530
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000138c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b09f40000"
              },
              {
                "name": "SectionOffset",
                "value": "0x5093d9ede0"
              },
              {
                "name": "ViewSize",
                "value": "0x00080000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 531
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809d4c88",
            "parentcaller": "0x7ff7809bb649",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000138c"
              }
            ],
            "repeated": 0,
            "id": 532
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": false,
            "return": "0xffffffffc0000022",
            "pretty_return": "ACCESS_DENIED",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000093c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000000"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 533
          },
          {
            "timestamp": "2026-05-28 21:41:47,191",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000093c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b09fc0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x5093d9ebe0"
              },
              {
                "name": "ViewSize",
                "value": "0x00040000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 534
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980009d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 535
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449800059000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 536
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980009e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 537
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449800049000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 538
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980009f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 539
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980005a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 540
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980004d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 541
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980017c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 542
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980017d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 543
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980005b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 544
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980017e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 545
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980004e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 546
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980017f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 547
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449800180000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 548
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809d4c88",
            "parentcaller": "0x7ff7809bb649",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000093c"
              }
            ],
            "repeated": 0,
            "id": 549
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449800184000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 550
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x4498000e4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 551
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980004a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 552
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449800194000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 553
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449800005000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 554
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000002b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ffbbfc69bd0"
              },
              {
                "name": "Parameter",
                "value": "0x44980006c310"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "12660"
              },
              {
                "name": "ProcessId",
                "value": "12320"
              },
              {
                "name": "Module",
                "value": "msedge.dll"
              }
            ],
            "repeated": 0,
            "id": 555
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x000002b8",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ffbbfc69bd0"
              },
              {
                "name": "Parameter",
                "value": "0x44980006c310"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "12660"
              },
              {
                "name": "ProcessId",
                "value": "12320"
              }
            ],
            "repeated": 0,
            "id": 556
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449800169000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 557
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xfc\\x93P\\x00\\x00\\x00 0\\x00\\x00\\x00\\x00\\x00\\x00$0\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "12324"
              }
            ],
            "repeated": 0,
            "id": 558
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12660",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a38000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 559
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12660",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07b06000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 560
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449800140000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 561
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980016a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 562
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980016b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 563
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x4498001a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 564
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x4498001a1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 565
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12660",
            "caller": "0x7ffc2d16507d",
            "parentcaller": "0x7ffc2d164c43",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 566
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12660",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ffbbfc69bd0"
              },
              {
                "name": "Parameter",
                "value": "0x44980006c310"
              }
            ],
            "repeated": 0,
            "id": 567
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12660",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffbbfc69c51",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000002c0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 568
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12660",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449800208000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 569
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x4498001a4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 570
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12660",
            "caller": "0x7ffc2adb1762",
            "parentcaller": "0x7ffbbec5d9a5",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449800204000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 571
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x4498001a7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 572
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12660",
            "caller": "0x7ffbbfc6eecc",
            "parentcaller": "0x7ffbbfcaa10d",
            "category": "threading",
            "api": "SetThreadDescription",
            "status": true,
            "return": "0x10000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadDescription",
                "value": "PerfettoTrace"
              }
            ],
            "repeated": 0,
            "id": 573
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980005d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 574
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x4498001aa000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 575
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12660",
            "caller": "0x7ffbbfc6eee8",
            "parentcaller": "0x7ffbbfcaa10d",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 576
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x4498001ad000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 577
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12660",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x4498001a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 578
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ffc2ad7e76a",
            "parentcaller": "0x7ffc2ad7e6f6",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "Kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2cff0000"
              }
            ],
            "repeated": 0,
            "id": 579
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12660",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x4498001b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 580
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2cff0000"
              },
              {
                "name": "FunctionName",
                "value": "GetThreadDescription"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2ae78e60"
              }
            ],
            "repeated": 0,
            "id": 581
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "38"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00+\\x02\\x00\\x00`\\x80\\xa0\\x07+\\x02\\x00\\x00\\xa6I\\x8e\\x0f\\x02\\xc0?W\\xa8\\xa9\\xa0\\x07+\\x02\\x00\\x00\\xa8q\\xa3\\x07+\\x02\\x00\\x00\\xd8\\xce\\xa0\\x07+\\x02\\x00\\x00i\\x00l\\x00e\\x00s\\x00 \\x00(\\x00x\\x008\\x006\\x00)\\x00\\\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00\\\\x00E\\x00d\\x00g\\x00e\\x00\\\\x00A\\x00p\\x00p\\x00l\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00\\\\x001\\x004\\x008\\x00.\\x000\\x00.\\x003\\x009\\x006\\x007\\x00"
              },
              {
                "name": "ThreadId",
                "value": "12324"
              }
            ],
            "repeated": 1,
            "id": 582
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b078f1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 583
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a48000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 584
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "38"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\x88\\xa4\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "12324"
              }
            ],
            "repeated": 0,
            "id": 585
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2cff0000"
              }
            ],
            "repeated": 0,
            "id": 586
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2cff0000"
              },
              {
                "name": "FunctionName",
                "value": "WerRegisterCustomMetadata"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d02bbf0"
              }
            ],
            "repeated": 0,
            "id": 587
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980016c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 588
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x4498000e4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 589
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980016c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 590
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980016c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 591
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980016c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 592
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980016c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 593
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980016c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 594
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980016c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 595
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980016c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 596
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980016c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 597
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980016c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 598
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980016c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 599
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980016c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 600
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 601
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000204"
              },
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 602
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000204"
              }
            ],
            "repeated": 0,
            "id": 603
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980016c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 604
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980016c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 605
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 606
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000204"
              },
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 607
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000204"
              }
            ],
            "repeated": 0,
            "id": 608
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980016c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 609
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980016c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 610
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980016c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 611
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980016c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 612
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980016c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 613
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980016c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 614
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980016c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 615
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980016c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 616
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980016c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 617
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980016c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 618
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980016c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 619
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980016c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 620
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980004f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 621
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980012d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 622
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x4498001a7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 623
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449800165000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 624
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x3b98e8b33000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 625
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00002000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 626
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00004000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 627
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00004000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 628
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00008000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 629
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00014000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 630
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00014000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 631
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00008000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 632
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00008000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 633
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00014000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 634
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00014000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 635
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00008000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 636
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00008000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 637
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00024000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 638
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00030000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 639
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980020c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 640
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449800208000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 641
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449800210000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 642
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c0003c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 643
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00004000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 644
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00040000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 645
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00050000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 646
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00054000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 647
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000002d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ffbbfc69bd0"
              },
              {
                "name": "Parameter",
                "value": "0x449c00050200"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "12664"
              },
              {
                "name": "ProcessId",
                "value": "12320"
              },
              {
                "name": "Module",
                "value": "msedge.dll"
              }
            ],
            "repeated": 0,
            "id": 648
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x000002d4",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ffbbfc69bd0"
              },
              {
                "name": "Parameter",
                "value": "0x449c00050200"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "12664"
              },
              {
                "name": "ProcessId",
                "value": "12320"
              }
            ],
            "repeated": 0,
            "id": 649
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12664",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a39000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 650
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 651
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 652
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 653
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12664",
            "caller": "0x7ffbd218bafb",
            "parentcaller": "0x7ffbd218b4af",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x259000006000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 654
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12664",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449800212000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 655
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12664",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00058000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 656
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12664",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00068000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 657
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12664",
            "caller": "0x7ffc2d16507d",
            "parentcaller": "0x7ffc2d164c43",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 658
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12664",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ffbbfc69bd0"
              },
              {
                "name": "Parameter",
                "value": "0x449c00050200"
              }
            ],
            "repeated": 0,
            "id": 659
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12664",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffbbfc69c51",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 660
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12664",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c0006c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 661
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12664",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c0007c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 662
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12664",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c0008c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 663
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12664",
            "caller": "0x7ffc2ae78ec6",
            "parentcaller": "0x7ffbbfc50158",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "38"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\x86\\xa4\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "12664"
              }
            ],
            "repeated": 0,
            "id": 664
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12664",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00090000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 665
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12664",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c0009c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 666
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12664",
            "caller": "0x7ffc2adb1762",
            "parentcaller": "0x7ffbbec5d9a5",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00090000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 667
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12664",
            "caller": "0x7ffc2adb1762",
            "parentcaller": "0x7ffbbec5d9a5",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c0009c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 668
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12664",
            "caller": "0x7ffbbfc6eecc",
            "parentcaller": "0x7ffbbfe91293",
            "category": "threading",
            "api": "SetThreadDescription",
            "status": true,
            "return": "0x10000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadDescription",
                "value": "HangWatcher"
              }
            ],
            "repeated": 0,
            "id": 669
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12664",
            "caller": "0x7ffbbfc6eee8",
            "parentcaller": "0x7ffbbfe91293",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 670
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12664",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffbbfbaee58",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 671
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12664",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffbbfbaee58",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "Milliseconds",
                "value": "10000"
              }
            ],
            "repeated": 0,
            "id": 672
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00090000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 673
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c000ac000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 674
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "38"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\x83\\xa4\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "12324"
              }
            ],
            "repeated": 0,
            "id": 675
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c0009c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 676
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "threading",
            "api": "SetThreadDescription",
            "status": true,
            "return": "0x10000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadDescription",
                "value": "winrt_app_id.CrUtilityMain"
              }
            ],
            "repeated": 0,
            "id": 677
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 678
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b840000"
              }
            ],
            "repeated": 0,
            "id": 679
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc2b840000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 680
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000002f8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ffbbfc69bd0"
              },
              {
                "name": "Parameter",
                "value": "0x449c00050160"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "12668"
              },
              {
                "name": "ProcessId",
                "value": "12320"
              },
              {
                "name": "Module",
                "value": "msedge.dll"
              }
            ],
            "repeated": 0,
            "id": 681
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x000002f8",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ffbbfc69bd0"
              },
              {
                "name": "Parameter",
                "value": "0x449c00050160"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "12668"
              },
              {
                "name": "ProcessId",
                "value": "12320"
              }
            ],
            "repeated": 0,
            "id": 682
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12668",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a3a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 683
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c000b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 684
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12668",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449800213000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 685
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12668",
            "caller": "0x7ffc2d16507d",
            "parentcaller": "0x7ffc2d164c43",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 686
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12668",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ffbbfc69bd0"
              },
              {
                "name": "Parameter",
                "value": "0x449c00050160"
              }
            ],
            "repeated": 0,
            "id": 687
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12668",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffbbfc69c51",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000308"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 688
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12668",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980021c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 689
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12668",
            "caller": "0x7ffc2adb1762",
            "parentcaller": "0x7ffbbec5d9a5",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980020c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 690
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12668",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00025000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 691
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12668",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c0008d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 692
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12668",
            "caller": "0x7ffc2ae78ec6",
            "parentcaller": "0x7ffbbfc50158",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "38"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x89\\xa4\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "12668"
              }
            ],
            "repeated": 0,
            "id": 693
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000304"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ffbbfc69bd0"
              },
              {
                "name": "Parameter",
                "value": "0x449c00050140"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "12672"
              },
              {
                "name": "ProcessId",
                "value": "12320"
              },
              {
                "name": "Module",
                "value": "msedge.dll"
              }
            ],
            "repeated": 0,
            "id": 694
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x00000304",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ffbbfc69bd0"
              },
              {
                "name": "Parameter",
                "value": "0x449c00050140"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "12672"
              },
              {
                "name": "ProcessId",
                "value": "12320"
              }
            ],
            "repeated": 0,
            "id": 695
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00005000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 696
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12668",
            "caller": "0x7ffbbfc6eecc",
            "parentcaller": "0x7ffbbfcaa10d",
            "category": "threading",
            "api": "SetThreadDescription",
            "status": true,
            "return": "0x10000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadDescription",
                "value": "ThreadPoolServiceThread"
              }
            ],
            "repeated": 0,
            "id": 697
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12668",
            "caller": "0x7ffbbfc6eee8",
            "parentcaller": "0x7ffbbfcaa10d",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 698
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12668",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffbbfbaeec1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000318"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 699
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12672",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a3b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 700
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12672",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a3c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 701
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12672",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449800215000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 702
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000314"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ffbbfc69bd0"
              },
              {
                "name": "Parameter",
                "value": "0x449c00050100"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "12676"
              },
              {
                "name": "ProcessId",
                "value": "12320"
              },
              {
                "name": "Module",
                "value": "msedge.dll"
              }
            ],
            "repeated": 0,
            "id": 703
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x00000314",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ffbbfc69bd0"
              },
              {
                "name": "Parameter",
                "value": "0x449c00050100"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "12676"
              },
              {
                "name": "ProcessId",
                "value": "12320"
              }
            ],
            "repeated": 0,
            "id": 704
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12672",
            "caller": "0x7ffc2d16507d",
            "parentcaller": "0x7ffc2d164c43",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 705
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12672",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ffbbfc69bd0"
              },
              {
                "name": "Parameter",
                "value": "0x449c00050140"
              }
            ],
            "repeated": 0,
            "id": 706
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12672",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffbbfc69c51",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000320"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 707
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00059000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 708
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12672",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c0006d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 709
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12672",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c0007d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 710
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12672",
            "caller": "0x7ffc2ae78ec6",
            "parentcaller": "0x7ffbbfc50158",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "38"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x82\\xa4\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "12672"
              }
            ],
            "repeated": 0,
            "id": 711
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12672",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c0009e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 712
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12672",
            "caller": "0x7ffbbfc6eecc",
            "parentcaller": "0x7ffbbfc6ed3f",
            "category": "threading",
            "api": "SetThreadDescription",
            "status": true,
            "return": "0x10000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadDescription",
                "value": "ThreadPoolForegroundWorker"
              }
            ],
            "repeated": 0,
            "id": 713
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12672",
            "caller": "0x7ffbbfc6eee8",
            "parentcaller": "0x7ffbbfc6ed3f",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 714
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12672",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffbbfbf4b81",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 715
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12672",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffbbfbf4b81",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "Milliseconds",
                "value": "60118"
              }
            ],
            "repeated": 0,
            "id": 716
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12676",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a3d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 717
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12676",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 718
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12676",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449800216000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 719
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12676",
            "caller": "0x7ffc2d16507d",
            "parentcaller": "0x7ffc2d164c43",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 720
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12676",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ffbbfc69bd0"
              },
              {
                "name": "Parameter",
                "value": "0x449c00050100"
              }
            ],
            "repeated": 0,
            "id": 721
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12676",
            "caller": "0x7ffc2adbc6f3",
            "parentcaller": "0x7ffc2adbc5aa",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xfe\\x93P\\x00\\x00\\x00 0\\x00\\x00\\x00\\x00\\x00\\x00\\x841\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "12676"
              }
            ],
            "repeated": 0,
            "id": 722
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12676",
            "caller": "0x7ffc2adbc728",
            "parentcaller": "0x7ffc2adbc5aa",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "12676"
              }
            ],
            "repeated": 0,
            "id": 723
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12676",
            "caller": "0x7ffc2adbc752",
            "parentcaller": "0x7ffc2adbc5aa",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "22"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "12676"
              }
            ],
            "repeated": 0,
            "id": 724
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000328"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ffbbfc69bd0"
              },
              {
                "name": "Parameter",
                "value": "0x449c000500c0"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "12680"
              },
              {
                "name": "ProcessId",
                "value": "12320"
              },
              {
                "name": "Module",
                "value": "msedge.dll"
              }
            ],
            "repeated": 0,
            "id": 725
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x00000328",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ffbbfc69bd0"
              },
              {
                "name": "Parameter",
                "value": "0x449c000500c0"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "12680"
              },
              {
                "name": "ProcessId",
                "value": "12320"
              }
            ],
            "repeated": 0,
            "id": 726
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12680",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a3e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 727
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c000c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 728
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c000c4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 729
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12680",
            "caller": "0x7ffbd218bafb",
            "parentcaller": "0x7ffbd218b4af",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x259000007000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 730
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00014000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 731
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c000d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 732
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12680",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449800218000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 733
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12680",
            "caller": "0x7ffc2d16507d",
            "parentcaller": "0x7ffc2d164c43",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 734
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00015000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 735
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12680",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffbbfc69c51",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000338"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 736
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00009000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 737
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12680",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c0008e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 738
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12680",
            "caller": "0x7ffc2ae78ec6",
            "parentcaller": "0x7ffbbfc50158",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "38"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x80\\xa4\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "12680"
              }
            ],
            "repeated": 0,
            "id": 739
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c000e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 740
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12680",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c0009f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 741
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12680",
            "caller": "0x7ffbbfc6eecc",
            "parentcaller": "0x7ffbbfcaa10d",
            "category": "threading",
            "api": "SetThreadDescription",
            "status": true,
            "return": "0x10000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadDescription",
                "value": "Chrome_ChildIOThread"
              }
            ],
            "repeated": 0,
            "id": 742
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12680",
            "caller": "0x7ffbbfc6eee8",
            "parentcaller": "0x7ffbbfcaa10d",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 743
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12680",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c000e8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 744
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c000ad000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 745
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c000f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 746
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12680",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c000b1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 747
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c000c1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 748
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12660",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449800219000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 749
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12660",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00100000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 750
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12680",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c000c2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 751
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c000c3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 752
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00006000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 753
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c0006e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 754
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c000e1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 755
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00026000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 756
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12680",
            "caller": "0x7ffc2add0e99",
            "parentcaller": "0x7ffbc0479c7a",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "FileInformationClass",
                "value": "30",
                "pretty_value": "FileCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": "<\\x03\\x00\\x00\\x00\\x00\\x00\\x00h\\x00\r\\x00\\x9cD\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 757
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00007000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 758
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c0000a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 759
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00051000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 760
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00104000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 761
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12680",
            "caller": "0x7ffc2ad853aa",
            "parentcaller": "0x7ffbc0479b5f",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00P\\x00\\x00\\x00_Dz \\x00\\x00\\x00\\x00\\x18\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "80"
              }
            ],
            "repeated": 0,
            "id": 762
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c0000b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 763
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c0010c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 764
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00110000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 765
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12680",
            "caller": "0x7ffc2ad85810",
            "parentcaller": "0x7ffbc0479d2e",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00\\xc8\\x00\\x00\\x00S\\x8eq \\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00=z4\\xd8\\x14\\xbf[f6\"\\x90\\x9a\\xd6\\xc6\\x00\\x87\\x1b\\xa8\\x0f9\\x17\\xf7\\x8d\\x95\\xde',\\xa4+\\xbd=\\x02\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x01\\x00\\x00\\x00x\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x008\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x96\\x84\\xa8\\xb4\\xef\\xad\\xbf\\xdc\\xa8,|\\x84pGI\\xfd\\x10\\x00\\x00\\x00\\x88\\x01\\x00\\x00:Gz \\x00\\x00\\x00\\x00\\x18\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "4096"
              }
            ],
            "repeated": 0,
            "id": 766
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12680",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c000d1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 767
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12680",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffbbede4292",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000004"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000340"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 768
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12680",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffbbede42a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000340"
              }
            ],
            "repeated": 0,
            "id": 769
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12680",
            "caller": "0x7ffc2adbc386",
            "parentcaller": "0x7ffc2adbc25e",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000004"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b105f0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x5094dfea70"
              },
              {
                "name": "ViewSize",
                "value": "0x00020000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 770
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12680",
            "caller": "0x7ff7809d4c88",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 771
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00114000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 772
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 773
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e0"
              },
              {
                "name": "Milliseconds",
                "value": "8000"
              }
            ],
            "repeated": 0,
            "id": 774
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 775
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e0"
              },
              {
                "name": "Milliseconds",
                "value": "8000"
              }
            ],
            "repeated": 0,
            "id": 776
          },
          {
            "timestamp": "2026-05-28 21:41:47,207",
            "thread_id": "12680",
            "caller": "0x7ffc2ad853aa",
            "parentcaller": "0x7ffbbf640093",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00@\\x00\\x00\\x00\\xd4Iz \\x00\\x00\\x00\\x00\\x18\\x00\\x16\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 777
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12680",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00055000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 778
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12680",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00016000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 779
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12680",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00120000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 780
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12680",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c0012c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 781
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12680",
            "caller": "0x7ffc2ad85810",
            "parentcaller": "0x7ffbbfa6f3bb",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "48"
              }
            ],
            "repeated": 0,
            "id": 782
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12680",
            "caller": "0x7ffc2ad853aa",
            "parentcaller": "0x7ffbbfa6f4b5",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00X\\x00\\x00\\x00\\xb2Jz \\x00\\x00\\x00\\x00\\x18\\x00\"\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x17\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x05\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "88"
              }
            ],
            "repeated": 0,
            "id": 783
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12680",
            "caller": "0x7ffc2adb1762",
            "parentcaller": "0x7ffbbec5d9a5",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00108000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 784
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12680",
            "caller": "0x7ffc2adb1762",
            "parentcaller": "0x7ffbbec5d9a5",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c0010c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 785
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12680",
            "caller": "0x7ffc2adb1762",
            "parentcaller": "0x7ffbbec5d9a5",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00110000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 786
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12680",
            "caller": "0x7ffc2ad85810",
            "parentcaller": "0x7ffbbfa6f3bb",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x008\\x01\\x00\\x00MGz \\x00\\x00\\x00\\x00\\x18\\x00\\x14\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\xb0\\x00\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x00\\x00\\x00H\\x00\\x00\\x008\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd7U\\x8dN\\x00\\x00\\x00\\x00\\xb6\\xe5\\x9f\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x15\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x05\\x00\\x00@\\x00\\x00\\x00\\x16\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "376"
              }
            ],
            "repeated": 0,
            "id": 787
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12680",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c000ae000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 788
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12680",
            "caller": "0x7ffc2ad853aa",
            "parentcaller": "0x7ffbbfa6f4b5",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00X\\x00\\x00\\x00\\xc3Jz \\x00\\x00\\x00\\x00\\x18\\x00\"\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\x05\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "88"
              }
            ],
            "repeated": 0,
            "id": 789
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12680",
            "caller": "0x7ffc2ad85810",
            "parentcaller": "0x7ffbbfa6f3bb",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00@\\x00\\x00\\x00\\x0fMz \\x00\\x00\\x00\\x00\\x18\\x00#\\x00\\x00\\x00\\x00\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 790
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12680",
            "caller": "0x7ffc2ad853aa",
            "parentcaller": "0x7ffbbfa6f4b5",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00\\xe8\\x00\\x00\\x00\\x99Kz \\x00\\x00\\x00\\x00\\x18\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00x\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00p\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "232"
              }
            ],
            "repeated": 0,
            "id": 791
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12680",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c000e2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 792
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12680",
            "caller": "0x7ffc2ad85810",
            "parentcaller": "0x7ffbbfa6f3bb",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000103",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00@\\x00\\x00\\x00\\x0fMz \\x00\\x00\\x00\\x00\\x18\\x00#\\x00\\x00\\x00\\x00\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 793
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12680",
            "caller": "0x7ffc2ad853aa",
            "parentcaller": "0x7ffbbfa6f4b5",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00\\xa0\\x01\\x00\\x00\\x9aKz \\x00\\x00\\x00\\x00\\x18\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\xb8\\x00\\x00\\x00\\xc8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\x00\\x00\\x00P\\x00\\x00\\x008\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00b\\x87\\x1bV\\x00\\x00\\x00\\x00\\x7f\\x07\\xf4A\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc8\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1a\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "416"
              }
            ],
            "repeated": 0,
            "id": 794
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12680",
            "caller": "0x7ffc2ad853aa",
            "parentcaller": "0x7ffbbfa6f4b5",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00\\xe8\\x00\\x00\\x002Lz \\x00\\x00\\x00\\x00\\x18\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00y\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00p\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1d\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x06\\x00\\x00@\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "232"
              }
            ],
            "repeated": 0,
            "id": 795
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12680",
            "caller": "0x7ffc2ad853aa",
            "parentcaller": "0x7ffbbfa6f4b5",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00\\xe8\\x00\\x00\\x00\\xfaLz \\x00\\x00\\x00\\x00\\x18\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1d\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00z\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00p\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x06\\x00\\x00@\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "232"
              }
            ],
            "repeated": 0,
            "id": 796
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12680",
            "caller": "0x7ffc2ad85810",
            "parentcaller": "0x7ffbbfa6f3bb",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00X\\x00\\x00\\x00VQz \\x00\\x00\\x00\\x00\\x18\\x00\"\\x00\\x00\\x00\\x00\\x00\r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00)\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\x07\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00p\\x00\\x00\\x00[Rz \\x00\\x00\\x00\\x00\\x18\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00y\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "200"
              }
            ],
            "repeated": 0,
            "id": 797
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12680",
            "caller": "0x7ffc2ad853aa",
            "parentcaller": "0x7ffbbfa6f4b5",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00\\xe8\\x00\\x00\\x00\\x8fMz \\x00\\x00\\x00\\x00\\x18\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00{\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00p\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00!\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\x06\\x00\\x00@\\x00\\x00\\x00\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "232"
              }
            ],
            "repeated": 0,
            "id": 798
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12680",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c000a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 799
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00108000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 800
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12680",
            "caller": "0x7ffc2ad85810",
            "parentcaller": "0x7ffbbfa6f3bb",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000103",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00X\\x00\\x00\\x00VQz \\x00\\x00\\x00\\x00\\x18\\x00\"\\x00\\x00\\x00\\x00\\x00\r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00)\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\x07\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00p\\x00\\x00\\x00[Rz \\x00\\x00\\x00\\x00\\x18\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00y\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "200"
              }
            ],
            "repeated": 0,
            "id": 801
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-winrt-l1-1-0.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b400000"
              }
            ],
            "repeated": 0,
            "id": 802
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc2b400000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-core-winrt-l1-1-0.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 803
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12680",
            "caller": "0x7ffc2ad853aa",
            "parentcaller": "0x7ffbbfa6f4b5",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00\\xb8\\x00\\x00\\x00\\x8fMz \\x00\\x00\\x00\\x00\\x18\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00@\\x00\\x00\\x008\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00B\\x1aQ\\x13\\x01\\x00\\x00\\x00}\\x07\\xf4A\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "184"
              }
            ],
            "repeated": 0,
            "id": 804
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12680",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffbbede4292",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": false,
            "return": "0xffffffffc0000022",
            "pretty_return": "ACCESS_DENIED",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000004"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000000"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 805
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12680",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffbbede4292",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": false,
            "return": "0xffffffffc0000022",
            "pretty_return": "ACCESS_DENIED",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000340"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000000"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 806
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\system32\\rpcss.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 807
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12680",
            "caller": "0x7ffc2ad85810",
            "parentcaller": "0x7ffbbfa6f3bb",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000103",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00\\x18\\x01\\x00\\x00\\x0eVz \\x00\\x00\\x00\\x00\\x18\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x0f\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00!\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00y\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x88\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc8\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x008\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\x8d\\xa19\\xf1\\xb67\\x8f\\x95?9\\x88\\x96\\xa3\\x8eJ@\\x00\\x00\\x008\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x03\\x00\\x00\\x00\\x00\\x00\\x00 \\x00\\x00\\x00\\x08\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "280"
              }
            ],
            "repeated": 0,
            "id": 808
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "0",
                "pretty_value": "FILE_SUPERSEDE"
              }
            ],
            "repeated": 0,
            "id": 809
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12680",
            "caller": "0x7ffc2ad853aa",
            "parentcaller": "0x7ffbbfa6f4b5",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x008\\x00\\x00\\x00\\x9aMz \\x00\\x00\\x00\\x00\\x18\\x00$\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x17\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "56"
              }
            ],
            "repeated": 0,
            "id": 810
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "kernel.appcore.dll"
              }
            ],
            "repeated": 0,
            "id": 811
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\kernel.appcore.dll"
              }
            ],
            "repeated": 0,
            "id": 812
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12680",
            "caller": "0x7ffc2ad853aa",
            "parentcaller": "0x7ffbbfa6f4b5",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00\\xe8\\x00\\x00\\x003Nz \\x00\\x00\\x00\\x00\\x18\\x00\\x14\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00|\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00p\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00#\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00@\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "232"
              }
            ],
            "repeated": 0,
            "id": 813
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000350"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x0000034c"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\kernel.appcore.dll"
              }
            ],
            "repeated": 0,
            "id": 814
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12680",
            "caller": "0x7ffc2ad853aa",
            "parentcaller": "0x7ffbbfa6f4b5",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x008\\x01\\x00\\x005Nz \\x00\\x00\\x00\\x00\\x18\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\xb0\\x00\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x00\\x00\\x00H\\x00\\x00\\x008\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xaa\\xb1\\xd4T\\x00\\x00\\x00\\x00{\\x07\\xf4A\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00%\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x07\\x00\\x00@\\x00\\x00\\x00&\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "312"
              }
            ],
            "repeated": 0,
            "id": 815
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc286bf000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 816
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc286b5000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 817
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12680",
            "caller": "0x7ffc2ad85810",
            "parentcaller": "0x7ffbbfa6f3bb",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00@\\x00\\x00\\x00sZz \\x00\\x00\\x00\\x00\\x18\\x00\\x16\\x00\\x00\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00%\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 818
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc286b5000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 819
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc286b5000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 820
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc286b5000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 821
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12680",
            "caller": "0x7ffc2ad853aa",
            "parentcaller": "0x7ffbbfa6f4b5",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x008\\x00\\x00\\x00\\xbfOz \\x00\\x00\\x00\\x00\\x18\\x00$\\x00\\x00\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "56"
              }
            ],
            "repeated": 0,
            "id": 822
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc286b5000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 823
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12680",
            "caller": "0x7ffc2ad85810",
            "parentcaller": "0x7ffbbfa6f3bb",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000103",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00@\\x00\\x00\\x00sZz \\x00\\x00\\x00\\x00\\x18\\x00\\x16\\x00\\x00\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00%\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 824
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12680",
            "caller": "0x7ffc2ad853aa",
            "parentcaller": "0x7ffbbfa6f4b5",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00p\\x00\\x00\\x00rPz \\x00\\x00\\x00\\x00\\x18\\x00\\x14\\x00\\x00\\x00\\x00\\x00\r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00x\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "112"
              }
            ],
            "repeated": 0,
            "id": 825
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12680",
            "caller": "0x7ffc2ad853aa",
            "parentcaller": "0x7ffbbfa6f4b5",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00\\xe8\\x00\\x00\\x00/Qz \\x00\\x00\\x00\\x00\\x18\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00}\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00p\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x07\\x00\\x00@\\x00\\x00\\x00(\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "232"
              }
            ],
            "repeated": 0,
            "id": 826
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12680",
            "caller": "0x7ffc2ad85810",
            "parentcaller": "0x7ffbbfa6f3bb",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000103",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00p\\x00\\x00\\x00\\xeb]z \\x00\\x00\\x00\\x00\\x18\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x13\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00)\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00|\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "112"
              }
            ],
            "repeated": 0,
            "id": 827
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12680",
            "caller": "0x7ffc2ad853aa",
            "parentcaller": "0x7ffbbfa6f4b5",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00@\\x00\\x00\\x00\\xfcRz \\x00\\x00\\x00\\x00\\x18\\x00\\x16\\x00\\x00\\x00\\x00\\x00\\x0f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1d\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 828
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12680",
            "caller": "0x7ffc2ad853aa",
            "parentcaller": "0x7ffbbfa6f4b5",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00@\\x00\\x00\\x00\\xd9Tz \\x00\\x00\\x00\\x00\\x18\\x00#\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 829
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12680",
            "caller": "0x7ffc2ad853aa",
            "parentcaller": "0x7ffbbfa6f4b5",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00@\\x00\\x00\\x00\\x8eXz \\x00\\x00\\x00\\x00\\x18\\x00#\\x00\\x00\\x00\\x00\\x00\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x17\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 830
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\kernel.appcore"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc286b0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffc286b3f10"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 831
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12680",
            "caller": "0x7ffc2ad853aa",
            "parentcaller": "0x7ffbbfa6f4b5",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00p\\x00\\x00\\x00\\x0cYz \\x00\\x00\\x00\\x00\\x18\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00\r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00{\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "112"
              }
            ],
            "repeated": 0,
            "id": 832
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b731000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 833
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2c65e000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 834
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2c65e000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 835
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 836
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b731000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 837
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b731000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 838
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00070000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 839
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00027000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 840
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00109000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 841
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c0005a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 842
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c000e3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 843
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": false,
            "return": "0xffffffffc0000022",
            "pretty_return": "ACCESS_DENIED",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000004"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000000"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 844
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": false,
            "return": "0xffffffffc0000022",
            "pretty_return": "ACCESS_DENIED",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000340"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000000"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 845
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000004"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b0c1f0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x5093d9d190"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 846
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12324",
            "caller": "0x7ff7809d4c88",
            "parentcaller": "0x7ff7809bb649",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 847
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000340"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b0cff0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x5093d9d190"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 848
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12324",
            "caller": "0x7ff7809d4c88",
            "parentcaller": "0x7ff7809bb649",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000340"
              }
            ],
            "repeated": 0,
            "id": 849
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c000b2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 850
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00121000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 851
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00p\\x00\\x00\\x00\\x07iz \\x00\\x00\\x00\\x00\\x18\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x13\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00|\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "112"
              }
            ],
            "repeated": 0,
            "id": 852
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00p\\x00\\x00\\x00\\xf4iz \\x00\\x00\\x00\\x00\\x18\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00y\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "112"
              }
            ],
            "repeated": 0,
            "id": 853
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 854
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e0"
              },
              {
                "name": "Milliseconds",
                "value": "7992"
              }
            ],
            "repeated": 0,
            "id": 855
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12676",
            "caller": "0x7ffc2adbebae",
            "parentcaller": "0x7ffbbf5ec4eb",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xfe\\x93P\\x00\\x00\\x00 0\\x00\\x00\\x00\\x00\\x00\\x00\\x841\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xfc\\xff\\xff\\xff"
              },
              {
                "name": "ThreadId",
                "value": "12676"
              }
            ],
            "repeated": 0,
            "id": 856
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12676",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffbbfc69c51",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000358"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 857
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12676",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c0007e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 858
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12676",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c0008f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 859
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12676",
            "caller": "0x7ffc2ae78ec6",
            "parentcaller": "0x7ffbbfc50158",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "38"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x8c\\xa4\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "12676"
              }
            ],
            "repeated": 0,
            "id": 860
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12676",
            "caller": "0x7ffbbfc6eecc",
            "parentcaller": "0x7ffbbfc6ed3f",
            "category": "threading",
            "api": "SetThreadDescription",
            "status": true,
            "return": "0x10000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadDescription",
                "value": "ThreadPoolBackgroundWorker"
              }
            ],
            "repeated": 0,
            "id": 861
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12676",
            "caller": "0x7ffbbfc6eee8",
            "parentcaller": "0x7ffbbfc6ed3f",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 862
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12676",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffbbfbf4b81",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 863
          },
          {
            "timestamp": "2026-05-28 21:41:47,223",
            "thread_id": "12676",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffbbfbf4b81",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              },
              {
                "name": "Milliseconds",
                "value": "60106"
              }
            ],
            "repeated": 0,
            "id": 864
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 865
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e0"
              },
              {
                "name": "Milliseconds",
                "value": "7953"
              }
            ],
            "repeated": 0,
            "id": 866
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12680",
            "caller": "0x7ffc2ad85810",
            "parentcaller": "0x7ffbbfa6f3bb",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000103",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00p\\x00\\x00\\x00\\x99\\x02{ \\x00\\x00\\x00\\x00\\x18\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00{\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "112"
              }
            ],
            "repeated": 0,
            "id": 867
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12680",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c0013c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 868
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00p\\x00\\x00\\x00\\xf0\\x03{ \\x00\\x00\\x00\\x00\\x18\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x15\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00z\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "112"
              }
            ],
            "repeated": 0,
            "id": 869
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12680",
            "caller": "0x7ffc2ad85810",
            "parentcaller": "0x7ffbbfa6f3bb",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000103",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00\\xd8\\x00\\x00\\x00N\\x03{ \\x00\\x00\\x00\\x00\\x18\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x16\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00,\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x00\\x00\\x00`\\x00\\x00\\x008\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x94\\xe2\\x9f\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00@KL\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00@\\x01\\x00\\x00`\\x03{ \\x00\\x00\\x00\\x00\\x18\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x17\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "3712"
              }
            ],
            "repeated": 0,
            "id": 870
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c000d2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 871
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12680",
            "caller": "0x7ffc2ad85810",
            "parentcaller": "0x7ffbbfa6f3bb",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000103",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00\\x18\\x01\\x00\\x00k\\x05{ \\x00\\x00\\x00\\x00\\x18\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8\\x00\\x00\\x00\\xa0\\x00\\x00\\x008\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x17\\xdfy\\x1d\\x01\\x00\\x00\\x00\\xb2\\xe5\\x9f\\x18\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x1c\\x00\\x00\\x00 \\x00-\\x00-\\x00p\\x00r\\x00o\\x00f\\x00i\\x00l\\x00e\\x00-\\x00d\\x00i\\x00r\\x00e\\x00c\\x00"
              },
              {
                "name": "Length",
                "value": "280"
              }
            ],
            "repeated": 0,
            "id": 872
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00p\\x00\\x00\\x00\\\\x05{ \\x00\\x00\\x00\\x00\\x18\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x16\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00{\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "112"
              }
            ],
            "repeated": 0,
            "id": 873
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00p\\x00\\x00\\x00\\xfd\\x06{ \\x00\\x00\\x00\\x00\\x18\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x17\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00}\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "112"
              }
            ],
            "repeated": 0,
            "id": 874
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00p\\x00\\x00\\x00\\xea\\x07{ \\x00\\x00\\x00\\x00\\x18\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00+\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00x\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "112"
              }
            ],
            "repeated": 0,
            "id": 875
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\\LocalServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000035c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 876
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000035c"
              }
            ],
            "repeated": 0,
            "id": 877
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-winrt-string-l1-1-0.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b400000"
              }
            ],
            "repeated": 0,
            "id": 878
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc2b400000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-core-winrt-string-l1-1-0.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 879
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2b400000"
              },
              {
                "name": "FunctionName",
                "value": "WindowsCreateStringReference"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2b447ac0"
              }
            ],
            "repeated": 0,
            "id": 880
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2b400000"
              },
              {
                "name": "FunctionName",
                "value": "RoGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2b42c1a0"
              }
            ],
            "repeated": 0,
            "id": 881
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2b400000"
              }
            ],
            "repeated": 0,
            "id": 882
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2b400000"
              },
              {
                "name": "FunctionName",
                "value": "CLSIDFromOle1Class"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2b4af760"
              }
            ],
            "repeated": 0,
            "id": 883
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000370"
              }
            ],
            "repeated": 0,
            "id": 884
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 885
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 886
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xd0\\xd9\\x93P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\\xc0f\\x14\\xfc\\x7f\\x00\\x00\\xa0\\xbdf\\x14\\xfc\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xc0\\xd0\\xd9\\x93P\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\xc0f\\x14"
              }
            ],
            "repeated": 0,
            "id": 887
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000374"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\User\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes"
              }
            ],
            "repeated": 0,
            "id": 888
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000370"
              }
            ],
            "repeated": 0,
            "id": 889
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d153410"
              }
            ],
            "repeated": 0,
            "id": 890
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000370"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:12320:304:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 891
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000370"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 892
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 893
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 894
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 895
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000340"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 896
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000340"
              }
            ],
            "repeated": 0,
            "id": 897
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              }
            ],
            "repeated": 0,
            "id": 898
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000370"
              }
            ],
            "repeated": 0,
            "id": 899
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000370"
              }
            ],
            "repeated": 0,
            "id": 900
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000370"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Global\\__ComCatalogCache__"
              }
            ],
            "repeated": 0,
            "id": 901
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000370"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b10610000"
              },
              {
                "name": "SectionOffset",
                "value": "0x5093d9d0e0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 902
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a4a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 903
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\COM3"
              },
              {
                "name": "Handle",
                "value": "0x00000378"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\COM3"
              }
            ],
            "repeated": 0,
            "id": 904
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              },
              {
                "name": "ValueName",
                "value": "Com+Enabled"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3\\Com+Enabled"
              }
            ],
            "repeated": 0,
            "id": 905
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              }
            ],
            "repeated": 0,
            "id": 906
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 907
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000378"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "clbcatq.dll"
              }
            ],
            "repeated": 0,
            "id": 908
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000378"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2c9c0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x000a9000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 909
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2ca64000"
              },
              {
                "name": "ModuleName",
                "value": "clbcatq.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 910
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2ca39000"
              },
              {
                "name": "ModuleName",
                "value": "clbcatq.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 911
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2ca39000"
              },
              {
                "name": "ModuleName",
                "value": "clbcatq.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 912
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2ca39000"
              },
              {
                "name": "ModuleName",
                "value": "clbcatq.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 913
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2ca39000"
              },
              {
                "name": "ModuleName",
                "value": "clbcatq.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 914
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2ca38000"
              },
              {
                "name": "ModuleName",
                "value": "clbcatq.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 915
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              }
            ],
            "repeated": 0,
            "id": 916
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2ca38000"
              },
              {
                "name": "ModuleName",
                "value": "clbcatq.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 917
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\clbcatq"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2c9c0000"
              }
            ],
            "repeated": 0,
            "id": 918
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07b07000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 919
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000380"
              },
              {
                "name": "EventName",
                "value": "\\KernelObjects\\MaximumCommitCondition"
              }
            ],
            "repeated": 0,
            "id": 920
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\clbcatq"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2c9c0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffc2c9dd990"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 921
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b731000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 922
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b731000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 923
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000384"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\MACHINE\\Software\\Microsoft\\WindowsRuntime"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\WindowsRuntime"
              }
            ],
            "repeated": 0,
            "id": 924
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000388"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000384"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ActivatableClassId"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId"
              }
            ],
            "repeated": 0,
            "id": 925
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000038c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000388"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.ApplicationModel.Background.BackgroundExecutionManager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundExecutionManager"
              }
            ],
            "repeated": 0,
            "id": 926
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000038c"
              },
              {
                "name": "KeyInformation",
                "value": "[\\xff9a\\xffe5\\xffe6\\xfff8\\xffee\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00A\\x00p\\x00p\\x00l\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00M\\x00o\\x00d\\x00e\\x00l\\x00.\\x00B\\x00a\\x00c\\x00k\\x00g\\x00r\\x00o\\x00u\\x00n\\x00d\\x00.\\x00B\\x00a\\x00c\\x00k\\x00g\\x00r\\x00o\\x00u\\x00n\\x00d\\x00E\\x00x\\x00e\\x00c\\x00u\\x00t\\x00i\\x00o\\x00n\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00r\\x00\\x00\\x00\\x00\\x00\\xff87\\x00U\\xffed\\xfffb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\x00U\\xffed\\xfffb\\x7f\\x00\\x00h\\xffcd\\xffd9\\xff93P\\x00\\x00\\x00\\xffe5\\xff94\\xff91\\xffc2\\xff8b\\xff88\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xff89\\xffa4\\x07+\\x02\\x00\\x00\\xffd0\\xffe4\\xffe0\\xffce\\xfffb\\x7f\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\x19\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\xffe0w\\xffa4\\x07+\\x02\\x00\\x00\\xffb0\\xffcd\\xffd9\\xff93P\\x00\\x00\\x00\\xffe4ID\\x14\\xfffc\\x7f\\x00\\x00\\xffd0\\xffe4\\xffe0\\xffce\\xfffb\\x7f\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xff84\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xffb9\\x00U\\xffed\\xfffb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff9d\\xffd0f\\x14\\xfffc\\x7f\\x00\\x00\\xffb8\\xffcff\\x14\\xfffc\\x7f\\x00\\x00\\xffe0w\\xffa4\\x07+\\x02\\x00\\x00\\xfff8\\xff81f\\x14\\xfffc\\x7f\\x00\\x00\\x19\\x01\\x02\\x00+\\x02\\x00\\x00h\\xffd0f\\x14\\xfffc\\x7f\\x00\\x00\\xff84\\x03\\x00\\x00\\x00\\x00\\x00\\x00P\\xffd0f\\x14\\xfffc\\x7f\\x00\\x00\\xffa0\\xffcd\\xffd9\\xff93P\\x00\\x00\\x00\\xff98\\xff85f\\x14\\xfffc\\x7f\\x00\\x00\\xffb0\\xffcd\\xffd9\\xff93P\\x00\\x00\\x00p\\x13\\xffa3\\x07+\\x02\\x00\\x00\\xffb0tE+\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x000\\xffcf\\xffd9\\xff93P\\x00\\x00\\x00\\xffe0w\\xffa4\\x07+\\x02\\x00\\x00\\xffa0\\xff89\\xffa4\\x07+\\x02\\x00\\x00\\x00\\x00
\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00$\\x00&\\x00\\x00\\x00\\x00\\x00\\xff8c\\x13\\xffa3\\x07+\\x02\\x00\\x000\\x00\\x00\\x00+\\x02\\x00\\x00\\xff84\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xffcd\\xffd9\\xff93P\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0w\\xffa4\\x07+\\x02\\x00\\x00\\x19hE+\\xfffc\\x7f\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 927
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundExecutionManager\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 928
          },
          {
            "timestamp": "2026-05-28 21:41:47,269",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundExecutionManager\\Server"
              }
            ],
            "repeated": 0,
            "id": 929
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\execmodelclient.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundExecutionManager\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 930
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundExecutionManager\\Threading"
              }
            ],
            "repeated": 0,
            "id": 931
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundExecutionManager\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 932
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000038c"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundExecutionManager\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 933
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundExecutionManager\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 934
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundExecutionManager\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 935
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundExecutionManager\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 936
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundExecutionManager\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 937
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundExecutionManager\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 938
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundExecutionManager\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 939
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\OLE\\Diagnosis"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE\\Diagnosis"
              }
            ],
            "repeated": 0,
            "id": 940
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              }
            ],
            "repeated": 0,
            "id": 941
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xce\\xd9\\x93P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00+\\x02\\x00\\x00Q\\xd0\\xd9\\x93P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t;2xOe\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00L\\xae#\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 942
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000038c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 943
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000038c"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes"
              },
              {
                "name": "Handle",
                "value": "0x00000390"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes"
              }
            ],
            "repeated": 0,
            "id": 944
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              }
            ],
            "repeated": 0,
            "id": 945
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 946
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000394"
              }
            ],
            "repeated": 0,
            "id": 947
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xd1\\xd9\\x93P\\x00\\x00\\x00`\\x00\\x00\\x00\\xfc\\x7f\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\xff\\xff\\xff\\xff\\xf8\\x81f\\x14\\xfc\\x7f\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\xc0f\\x14\\xfc\\x7f\\x00\\x00\\x18\\xd2\\xd9\\x93P\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00k\\x02\\xdc*\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 948
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000394"
              }
            ],
            "repeated": 0,
            "id": 949
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\OLE"
              },
              {
                "name": "Handle",
                "value": "0x00000394"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\OLE"
              }
            ],
            "repeated": 0,
            "id": 950
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000394"
              },
              {
                "name": "ValueName",
                "value": "MaxSxSHashCount"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\MaxSxSHashCount"
              }
            ],
            "repeated": 0,
            "id": 951
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000394"
              }
            ],
            "repeated": 0,
            "id": 952
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\shcore"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2b150000"
              }
            ],
            "repeated": 0,
            "id": 953
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\PROPSYS"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc27140000"
              }
            ],
            "repeated": 0,
            "id": 954
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\CoreMessaging"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc27dc0000"
              }
            ],
            "repeated": 0,
            "id": 955
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\execmodelclient"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc19830000"
              }
            ],
            "repeated": 0,
            "id": 956
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\execmodelclient.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc19830000"
              }
            ],
            "repeated": 0,
            "id": 957
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc19830000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\execmodelclient.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 958
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "execmodelclient.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc19830000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc1983ac80"
              }
            ],
            "repeated": 0,
            "id": 959
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "execmodelclient.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc19830000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc1983b9b0"
              }
            ],
            "repeated": 0,
            "id": 960
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "execmodelclient.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc19830000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc1983bb00"
              }
            ],
            "repeated": 0,
            "id": 961
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 962
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1988f000"
              },
              {
                "name": "ModuleName",
                "value": "execmodelclient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 963
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1988f000"
              },
              {
                "name": "ModuleName",
                "value": "execmodelclient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 964
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 965
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a4c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 966
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00 \\xbf\\xa4\\x07+\\x02\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\xc0\\xbf\\xa4\\x07+\\x02\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xbf\\xa4\\x07+\\x02\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xf4\\xc0\\xa4\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\xc1\\xa4\\x07+\\x02\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x10\\xc1\\xa4\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xc1\\xa4\\x07+\\x02\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x008\\xc1\\xa4\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xc1\\xa4\\x07+\\x02\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\x86\\x00\\x86\\x00\\x00\\x00\\x00\\x00\\x10\\xc0\\xa4\\x07+\\x02\\x00\\x00\\x06\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x96\\xc0\\xa4\\x07+\\x02\\x00\\x00X\\x00X\\x00\\x00\\x00\\x00\\x00\\x9c\\xc0\\xa4\\x07+\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 967
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 968
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00 \\xbf\\xa4\\x07+\\x02\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\xc0\\xbf\\xa4\\x07+\\x02\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xbf\\xa4\\x07+\\x02\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xf4\\xc0\\xa4\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\xc1\\xa4\\x07+\\x02\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x10\\xc1\\xa4\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xc1\\xa4\\x07+\\x02\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x008\\xc1\\xa4\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xc1\\xa4\\x07+\\x02\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\x86\\x00\\x86\\x00\\x00\\x00\\x00\\x00\\x10\\xc0\\xa4\\x07+\\x02\\x00\\x00\\x06\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x96\\xc0\\xa4\\x07+\\x02\\x00\\x00X\\x00X\\x00\\x00\\x00\\x00\\x00\\x9c\\xc0\\xa4\\x07+\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 969
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000034B-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "0000015B-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 970
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000003bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "12320"
              }
            ],
            "repeated": 0,
            "id": 971
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000003bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000003c0"
              }
            ],
            "repeated": 0,
            "id": 972
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 973
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003c0"
              }
            ],
            "repeated": 0,
            "id": 974
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003bc"
              }
            ],
            "repeated": 0,
            "id": 975
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xfc\\x93P\\x00\\x00\\x00 0\\x00\\x00\\x00\\x00\\x00\\x00$0\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "12324"
              }
            ],
            "repeated": 0,
            "id": 976
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000003c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ffc2b1653d0"
              },
              {
                "name": "Parameter",
                "value": "0x22b07b07570"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "12716"
              },
              {
                "name": "ProcessId",
                "value": "12320"
              },
              {
                "name": "Module",
                "value": "shcore.dll"
              }
            ],
            "repeated": 0,
            "id": 977
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x000003c4",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ffc2b1653d0"
              },
              {
                "name": "Parameter",
                "value": "0x22b07b07570"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "12716"
              },
              {
                "name": "ProcessId",
                "value": "12320"
              }
            ],
            "repeated": 0,
            "id": 978
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000003c4"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "12716"
              },
              {
                "name": "ProcessId",
                "value": "12320"
              }
            ],
            "repeated": 0,
            "id": 979
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003c4"
              }
            ],
            "repeated": 0,
            "id": 980
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003c0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 981
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12716",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x44980021b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 982
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12716",
            "caller": "0x7ffc2d16507d",
            "parentcaller": "0x7ffc2d164c43",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 983
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12716",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ffc2b1653d0"
              },
              {
                "name": "Parameter",
                "value": "0x22b07b07570"
              }
            ],
            "repeated": 0,
            "id": 984
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12716",
            "caller": "0x7ffc2d137830",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b1f7000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 985
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12716",
            "caller": "0x7ffc2d137881",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b1f7000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 986
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12716",
            "caller": "0x7ffc2adbebae",
            "parentcaller": "0x7ffc2b1984de",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xfe\\x93P\\x00\\x00\\x00 0\\x00\\x00\\x00\\x00\\x00\\x00\\xac1\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "12716"
              }
            ],
            "repeated": 0,
            "id": 987
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000388"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Foundation.Diagnostics.AsyncCausalityTracer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer"
              }
            ],
            "repeated": 0,
            "id": 988
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12716",
            "caller": "0x7ffc2adc026b",
            "parentcaller": "0x7ffc19869613",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000350"
              }
            ],
            "repeated": 0,
            "id": 989
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12716",
            "caller": "0x7ffc198696fd",
            "parentcaller": "0x7ffc1986962b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xf4\\xef\\x94P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00P\\x00\\x00\\x00\\xa0\\xe5\\xa5\\x07+\\x02\\x00\\x00k\\x02\\xdc*\\xfc\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 990
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12716",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc19869675",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000350"
              }
            ],
            "repeated": 0,
            "id": 991
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003c0"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 992
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003c0"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Server"
              }
            ],
            "repeated": 0,
            "id": 993
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003c0"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\combase.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 994
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003c0"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Threading"
              }
            ],
            "repeated": 0,
            "id": 995
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003c0"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 996
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003c0"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 997
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003c0"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 998
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003c0"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 999
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003c0"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 1000
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003c0"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 1001
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4c2222",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003c0"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 1002
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003c0"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1003
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003c0"
              }
            ],
            "repeated": 0,
            "id": 1004
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\combase.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b400000"
              }
            ],
            "repeated": 0,
            "id": 1005
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc2b400000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\combase.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 1006
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc2b456acf",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2b400000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2b4b58a0"
              }
            ],
            "repeated": 0,
            "id": 1007
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2b400000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2b4df090"
              }
            ],
            "repeated": 0,
            "id": 1008
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2b400000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1009
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1010
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ole32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2c680000"
              }
            ],
            "repeated": 0,
            "id": 1011
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc2c680000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "ole32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 1012
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c680000"
              },
              {
                "name": "FunctionName",
                "value": "CoCreateFreeThreadedMarshaler"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2b4787a0"
              }
            ],
            "repeated": 0,
            "id": 1013
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12716",
            "caller": "0x7ffc1985d259",
            "parentcaller": "0x7ffc19858bdd",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "38142214-ED63-4965-9214-1BBC06E130E9"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "8E1BBBB9-B3D5-430D-B276-D0E7454CAAB2"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1014
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a5f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1015
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000388"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.UI.Notifications.ToastNotificationManager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager"
              }
            ],
            "repeated": 0,
            "id": 1016
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003c0"
              },
              {
                "name": "KeyInformation",
                "value": "N\\xffc1\\xffec\\xffe6\\xfff8\\xffee\\xffdc\\x01\\x00\\x00\\x00\\x00b\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00U\\x00I\\x00.\\x00N\\x00o\\x00t\\x00i\\x00f\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00s\\x00.\\x00T\\x00o\\x00a\\x00s\\x00t\\x00N\\x00o\\x00t\\x00i\\x00f\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00r\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffd4\\xffd9\\xff93P\\x00\\x00\\x00\\xffb0Ep+\\xfffc\\x7f\\x00\\x008\\xffd3\\xffa4\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xffd5\\xffd9\\xff93P\\x00\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xff93\\xffa4\\x07+\\x02\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffd4\\xffd9\\xff93P\\x00\\x00\\x00\\xffbf\\x19:\\xffe3\\x11\\xffbc\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10t\\xffa4\\x07+\\x02\\x00\\x008\\xffd3\\xffa4\\x07+\\x02\\x00\\x00\\x10\\xffd3\\xffa4\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\xff9dD+\\xfffc\\x7f\\x00\\x00\\x10\\xff93\\xffa4\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xffd3\\xffa4\\x07+\\x02\\x00\\x00\\x10\\xff93\\xffa4\\x07+\\x02\\x00\\x00\\x10t\\xffa4\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff6sD+\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10t\\xffa4\\x07+\\x02\\x00\\x000\\xffe8\\xffa5\\x07+\\x02\\x00\\x000\\xffe8\\xffa5\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xff93\\xffa4\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\
x00\\x00\\x00\\x00\\x00\\x000\\xffe8\\xffa5\\x07+\\x02\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\x10\\xff93\\xffa4\\x07+\\x02\\x00\\x00P\\x1a\\xffa3\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xffd6\\xffd9\\xff93P\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xffe1\\xffa5\\x07+\\x02\\x00\\x00\\x10\\xffd3\\xffa4\\x07+\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1017
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003c0"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 1018
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003c0"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager\\Server"
              }
            ],
            "repeated": 0,
            "id": 1019
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003c0"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\wpnapps.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 1020
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003c0"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager\\Threading"
              }
            ],
            "repeated": 0,
            "id": 1021
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003c0"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 1022
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003c0"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 1023
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003c0"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 1024
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003c0"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 1025
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003c0"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 1026
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003c0"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 1027
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x000000ea",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003c0"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Type",
                "value": "0x5000000003"
              },
              {
                "name": "DataLength",
                "value": "316"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 1028
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003c0"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Data",
                "value": "\\x01\\x00\\x14\\x80$\\x01\\x00\\x000\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\xf4\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x008\\x00\\x0b\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\t\\x00L\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 1029
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003c0"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1030
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ffc2b4b7226",
            "parentcaller": "0x7ffc2b4bca23",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003c0"
              }
            ],
            "repeated": 0,
            "id": 1031
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12716",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc2b456b6d",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\twinapi.appcore"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc25980000"
              }
            ],
            "repeated": 0,
            "id": 1032
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12716",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc2b456b6d",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\twinapi.appcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc25980000"
              }
            ],
            "repeated": 0,
            "id": 1033
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12716",
            "caller": "0x7ffc1983907d",
            "parentcaller": "0x7ffc1985d2af",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "D648FEA1-EA00-4FF4-B8BD-034BD2B25A23"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "1D868537-EEA2-4C03-BB99-8A58862F7A59"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1034
          },
          {
            "timestamp": "2026-05-28 21:41:47,285",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\wintypes"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc26fe0000"
              }
            ],
            "repeated": 0,
            "id": 1035
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\RMCLIENT"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc284d0000"
              }
            ],
            "repeated": 0,
            "id": 1036
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\XmlLite"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc26310000"
              }
            ],
            "repeated": 0,
            "id": 1037
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\wpnapps"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc16860000"
              }
            ],
            "repeated": 0,
            "id": 1038
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ad7cc1f",
            "parentcaller": "0x7ffc2d00b8ed",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x0000040c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ffc2b4a2d30"
              },
              {
                "name": "Parameter",
                "value": "0x22b07a47e50"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "12736"
              },
              {
                "name": "ProcessId",
                "value": "12320"
              },
              {
                "name": "Module",
                "value": "combase.dll"
              }
            ],
            "repeated": 0,
            "id": 1039
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wpnapps.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc16860000"
              }
            ],
            "repeated": 0,
            "id": 1040
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc16860000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\wpnapps.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 1041
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wpnapps.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc16860000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc16877d00"
              }
            ],
            "repeated": 0,
            "id": 1042
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wpnapps.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc16860000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc1687b840"
              }
            ],
            "repeated": 0,
            "id": 1043
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12736",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a56000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1044
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12736",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a57000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1045
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a67000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1046
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a5a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1047
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12736",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449800220000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1048
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12736",
            "caller": "0x7ffc2d16507d",
            "parentcaller": "0x7ffc2d164c43",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1049
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12736",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ffc2b4a2d30"
              },
              {
                "name": "Parameter",
                "value": "0x22b07a47e50"
              }
            ],
            "repeated": 0,
            "id": 1050
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12744",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a78000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1051
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12744",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a79000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1052
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12744",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a68000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1053
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12744",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07b08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1054
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12744",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449800222000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1055
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12744",
            "caller": "0x7ffc2d16507d",
            "parentcaller": "0x7ffc2d164c43",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1056
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12744",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ffc2d142b30"
              },
              {
                "name": "Parameter",
                "value": "0x22b07a02340"
              }
            ],
            "repeated": 0,
            "id": 1057
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12744",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2c56ef53",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000042c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1058
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12744",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a69000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1059
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12744",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a6a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1060
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12748",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a7a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1061
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12748",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a7c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1062
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12748",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a7d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1063
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12748",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a7e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1064
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12748",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a7f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1065
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2c581630",
            "parentcaller": "0x7ffc2c5812cd",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1066
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12748",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a82000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1067
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12748",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07b13000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1068
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12748",
            "caller": "0x7ffbd218bafb",
            "parentcaller": "0x7ffbd218b4af",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x259000104000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1069
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12748",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449800223000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1070
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12748",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c0005b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1071
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12748",
            "caller": "0x7ffc2d16507d",
            "parentcaller": "0x7ffc2d164c43",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1072
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12748",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ffc2d142b30"
              },
              {
                "name": "Parameter",
                "value": "0x22b07a02340"
              }
            ],
            "repeated": 0,
            "id": 1073
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12748",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2c56ef53",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000440"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1074
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1075
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12748",
            "caller": "0x7ffc2d133f7a",
            "parentcaller": "0x7ffc2c550ed7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1076
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12748",
            "caller": "0x7ffc2c550cd1",
            "parentcaller": "0x7ffc2c54f28f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000448"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 1077
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12748",
            "caller": "0x7ffc2adc026b",
            "parentcaller": "0x7ffc2c550daf",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000044c"
              }
            ],
            "repeated": 0,
            "id": 1078
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12748",
            "caller": "0x7ffc2d128cde",
            "parentcaller": "0x7ffc2d169c4e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\x96\\xe4\\x11\\x00\\x00\\x00\\x00\\x00\\xdb7\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00V\\xe4\\x11\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1079
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12748",
            "caller": "0x7ffc2d156e46",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8\\x05\\xa6\\x07+\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1080
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12748",
            "caller": "0x7ffc2d156e9b",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\x1a\\xa6\\x07+\\x02\\x00\\x00`\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1081
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12752",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1082
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12748",
            "caller": "0x7ffc2d156ec0",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1083
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12752",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1084
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12748",
            "caller": "0x7ffc2d156f37",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1085
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12748",
            "caller": "0x7ffc2d156f8f",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\x11\\xa6\\x07+\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9b6\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 1086
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12748",
            "caller": "0x7ffc2d157048",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X@j\\x14\\xfc\\x7f\\x00\\x00\\xebPB\\x14\\xfc\\x7f\\x00\\x005\\xb2W\\xc4\\x8b\\x88\\x00\\x00(Nf\\x14\\xfc\\x7f\\x00\\x00`\\xea\\x1f\\x95P\\x00\\x00\\x00X\\xea\\x1f\\x95P\\x00\\x00\\x00(\\xea\\x1f\\x95P\\x00\\x00\\x00H\\xea\\x1f\\x95"
              }
            ],
            "repeated": 0,
            "id": 1087
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12748",
            "caller": "0x7ffc2d15707b",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x11\\xa6\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd9\\xd8C\\x14\\xfc\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00H\\xe8\\x1f\\x95P\\x00\\x00\\x00L\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x001\\xed\\xfb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x86\\xa2f\\x14"
              }
            ],
            "repeated": 0,
            "id": 1088
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12748",
            "caller": "0x7ffc2d128cde",
            "parentcaller": "0x7ffc2d12953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\x96\\xe4\\x11\\x00\\x00\\x00\\x00\\x00\\xdb7\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00V\\xe4\\x11\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1089
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12748",
            "caller": "0x7ffc2d156e46",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "X\\x00\\xa6\\x07+\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1090
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12748",
            "caller": "0x7ffc2d156e9b",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "`\\x16\\xa6\\x07+\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1091
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12748",
            "caller": "0x7ffc2d156ec0",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1092
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12748",
            "caller": "0x7ffc2d156f0e",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "x\\xbd\\xa2\\x07+\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1093
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12748",
            "caller": "0x7ffc2d156f37",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1094
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12748",
            "caller": "0x7ffc2d156f8f",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\\x1b\\xa6\\x07+\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9b6\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 1095
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12748",
            "caller": "0x7ffc2d157048",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X@j\\x14\\xfc\\x7f\\x00\\x00\\xebPB\\x14\\xfc\\x7f\\x00\\x00\\x95\\x8dW\\xc4\\x8b\\x88\\x00\\x00(Nf\\x14\\xfc\\x7f\\x00\\x00\\xc0\\xe6\\x1f\\x95P\\x00\\x00\\x00\\xb8\\xe6\\x1f\\x95P\\x00\\x00\\x00\\x88\\xe6\\x1f\\x95P\\x00\\x00\\x00\\xa8\\xe6\\x1f\\x95"
              }
            ],
            "repeated": 0,
            "id": 1096
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12748",
            "caller": "0x7ffc2d15707b",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\x1b\\xa6\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd9\\xd8C\\x14\\xfc\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xa8\\xe4\\x1f\\x95P\\x00\\x00\\x00L\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x001\\xed\\xfb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x86\\xa2f\\x14"
              }
            ],
            "repeated": 0,
            "id": 1097
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12748",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2c550e27",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000448"
              }
            ],
            "repeated": 0,
            "id": 1098
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12748",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2c550e49",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000044c"
              }
            ],
            "repeated": 0,
            "id": 1099
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              }
            ],
            "repeated": 0,
            "id": 1100
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12752",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449800225000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1101
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12752",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c0006b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1102
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b731000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1103
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b731000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1104
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12752",
            "caller": "0x7ffc2d16507d",
            "parentcaller": "0x7ffc2d164c43",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1105
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12752",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ffc2d142b30"
              },
              {
                "name": "Parameter",
                "value": "0x22b07a02340"
              }
            ],
            "repeated": 0,
            "id": 1106
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2b400000"
              }
            ],
            "repeated": 0,
            "id": 1107
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2b4d41cf",
            "parentcaller": "0x7ffc2d1338c0",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000032A-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000149-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1108
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1109
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000454"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ffc2b4a2d30"
              },
              {
                "name": "Parameter",
                "value": "0x22b07a655d0"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "12756"
              },
              {
                "name": "ProcessId",
                "value": "12320"
              },
              {
                "name": "Module",
                "value": "combase.dll"
              }
            ],
            "repeated": 0,
            "id": 1110
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x00000454",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ffc2b4a2d30"
              },
              {
                "name": "Parameter",
                "value": "0x22b07a655d0"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "12756"
              },
              {
                "name": "ProcessId",
                "value": "12320"
              }
            ],
            "repeated": 0,
            "id": 1111
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              }
            ],
            "repeated": 0,
            "id": 1112
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12324",
            "caller": "0x7ffc2d137830",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b731000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1113
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b731000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1114
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a89000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1115
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07b14000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1116
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2d16507d",
            "parentcaller": "0x7ffc2d164c43",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1117
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ffc2b4a2d30"
              },
              {
                "name": "Parameter",
                "value": "0x22b07a655d0"
              }
            ],
            "repeated": 0,
            "id": 1118
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2c56ef53",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000045c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1119
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2b4322bf",
            "parentcaller": "0x7ffc2b4afbe4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ae"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{E1CDD77A-65D3-4DB0-B339-21F6A48CC2FF}"
              },
              {
                "name": "Handle",
                "value": "0x00000462"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{E1CDD77A-65D3-4DB0-B339-21F6A48CC2FF}"
              }
            ],
            "repeated": 0,
            "id": 1120
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000462"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1121
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2d126c8b",
            "parentcaller": "0x7ffc2ad823a0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xd0?\\x95P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00b\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00P\\x00\\x00\\x00\\x90\\xd1?\\x95P\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1122
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\Interface\\{E1CDD77A-65D3-4db0-B339-21F6A48CC2FF}\\ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{E1CDD77A-65D3-4db0-B339-21F6A48CC2FF}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 1123
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc2b456b6d",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\OneCoreCommonProxyStub"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc1c0a0000"
              }
            ],
            "repeated": 0,
            "id": 1124
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad825c4",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000462"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1125
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2ad825e2",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000464"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000462"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{E1CDD77A-65D3-4db0-B339-21F6A48CC2FF}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 1126
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2b4afa8c",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000466"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{00000320-0000-0000-C000-000000000046}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{E1CDD77A-65D3-4db0-B339-21F6A48CC2FF}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1127
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2b4afad3",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000466"
              }
            ],
            "repeated": 0,
            "id": 1128
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2b4afae4",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000462"
              }
            ],
            "repeated": 0,
            "id": 1129
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2b4a2ec5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000468"
              }
            ],
            "repeated": 0,
            "id": 1130
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2b42cd6e",
            "parentcaller": "0x7ffc2b4a2ed4",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1131
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2d137830",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1699a000"
              },
              {
                "name": "ModuleName",
                "value": "wpnapps.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1132
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2d137881",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1699a000"
              },
              {
                "name": "ModuleName",
                "value": "wpnapps.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1133
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2b4322bf",
            "parentcaller": "0x7ffc2b4afbe4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ae"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{00000035-0000-0000-C000-000000000046}"
              },
              {
                "name": "Handle",
                "value": "0x0000046a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{00000035-0000-0000-C000-000000000046}"
              }
            ],
            "repeated": 0,
            "id": 1134
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2b4afa51",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000046a"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000035-0000-0000-C000-000000000046}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 1135
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2b4afa8c",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{00000320-0000-0000-C000-000000000046}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000035-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1136
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc2b456b6d",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\OneCoreCommonProxyStub.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1c0a0000"
              }
            ],
            "repeated": 0,
            "id": 1137
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2b4afa8c",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{00000320-0000-0000-C000-000000000046}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1138
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2b4afad3",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              }
            ],
            "repeated": 0,
            "id": 1139
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2b4afae4",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046a"
              }
            ],
            "repeated": 0,
            "id": 1140
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2d133f7a",
            "parentcaller": "0x7ffc2c550ed7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1141
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2c550cd1",
            "parentcaller": "0x7ffc2c54f28f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000468"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 1142
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2adc026b",
            "parentcaller": "0x7ffc2c550daf",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000046c"
              }
            ],
            "repeated": 0,
            "id": 1143
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2d128cde",
            "parentcaller": "0x7ffc2d169c4e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\x96\\xe4\\x11\\x00\\x00\\x00\\x00\\x00\\xdb7\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00V\\xe4\\x11\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1144
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2d156e46",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "x\\x08\\xa6\\x07+\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1145
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2d156e9b",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\x18\\xa6\\x07+\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1146
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2d156ec0",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1147
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2d156f0e",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe8`\\xa8\\x07+\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1148
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2d156f37",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1149
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2d156f8f",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\x16\\xa6\\x07+\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9b6\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 1150
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2d157048",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X@j\\x14\\xfc\\x7f\\x00\\x00\\xebPB\\x14\\xfc\\x7f\\x00\\x00\\x85\\x94w\\xc4\\x8b\\x88\\x00\\x00(Nf\\x14\\xfc\\x7f\\x00\\x00\\xd0\\xcf?\\x95P\\x00\\x00\\x00\\xc8\\xcf?\\x95P\\x00\\x00\\x00\\x98\\xcf?\\x95P\\x00\\x00\\x00\\xb8\\xcf?\\x95"
              }
            ],
            "repeated": 0,
            "id": 1151
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2d15707b",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x16\\xa6\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd9\\xd8C\\x14\\xfc\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xb8\\xcd?\\x95P\\x00\\x00\\x00l\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x001\\xed\\xfb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x86\\xa2f\\x14"
              }
            ],
            "repeated": 0,
            "id": 1152
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2d128cde",
            "parentcaller": "0x7ffc2d12953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\x96\\xe4\\x11\\x00\\x00\\x00\\x00\\x00\\xdb7\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00V\\xe4\\x11\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1153
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2d156e46",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8\\x00\\xa6\\x07+\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1154
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2d156e9b",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x19\\xa6\\x07+\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1155
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2d156ec0",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1156
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2d156f0e",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8a\\xa8\\x07+\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1157
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1158
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2d156f8f",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "X\\x19\\xa6\\x07+\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9b6\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 1159
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2d157048",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X@j\\x14\\xfc\\x7f\\x00\\x00\\xebPB\\x14\\xfc\\x7f\\x00\\x00e\\x90w\\xc4\\x8b\\x88\\x00\\x00(Nf\\x14\\xfc\\x7f\\x00\\x000\\xcc?\\x95P\\x00\\x00\\x00(\\xcc?\\x95P\\x00\\x00\\x00\\xf8\\xcb?\\x95P\\x00\\x00\\x00\\x18\\xcc?\\x95"
              }
            ],
            "repeated": 0,
            "id": 1160
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2d15707b",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x19\\xa6\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd9\\xd8C\\x14\\xfc\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x18\\xca?\\x95P\\x00\\x00\\x00l\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x001\\xed\\xfb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x86\\xa2f\\x14"
              }
            ],
            "repeated": 0,
            "id": 1161
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2c550e27",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000468"
              }
            ],
            "repeated": 0,
            "id": 1162
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2c550e49",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046c"
              }
            ],
            "repeated": 0,
            "id": 1163
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2d133f7a",
            "parentcaller": "0x7ffc2c550ed7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1164
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2c550cd1",
            "parentcaller": "0x7ffc2c54f28f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x0000046c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 1165
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2c581630",
            "parentcaller": "0x7ffc2c5812cd",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1166
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2adc026b",
            "parentcaller": "0x7ffc2c550daf",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000468"
              }
            ],
            "repeated": 0,
            "id": 1167
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2d137830",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2c65e000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1168
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2d128cde",
            "parentcaller": "0x7ffc2d169c4e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\x96\\xe4\\x11\\x00\\x00\\x00\\x00\\x00\\xdb7\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00V\\xe4\\x11\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1169
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2d137881",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2c65e000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1170
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2d156e9b",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "@\\x12\\xa6\\x07+\\x02\\x00\\x00`\\x00\\x00\\x00c\\x00:\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x008\\x00E\\x00E\\x00B\\x004\\x00E\\x005\\x008\\x002\\x004\\x004\\x005\\x00D\\x00E\\x005\\x00E\\x007\\x006\\x00B\\x00B\\x00E\\x004\\x00A\\x00F\\x00F\\x009\\x00]\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1171
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2d156ec0",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1172
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2d156f0e",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8a\\xa8\\x07+\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1173
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2d156f37",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1174
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2d156f8f",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\x17\\xa6\\x07+\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9b6\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 1175
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2d157048",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X@j\\x14\\xfc\\x7f\\x00\\x00\\xebPB\\x14\\xfc\\x7f\\x00\\x00\\x85\\x94w\\xc4\\x8b\\x88\\x00\\x00(Nf\\x14\\xfc\\x7f\\x00\\x00\\xd0\\xcf?\\x95P\\x00\\x00\\x00\\xc8\\xcf?\\x95P\\x00\\x00\\x00\\x98\\xcf?\\x95P\\x00\\x00\\x00\\xb8\\xcf?\\x95"
              }
            ],
            "repeated": 0,
            "id": 1176
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2d15707b",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x17\\xa6\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd9\\xd8C\\x14\\xfc\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xb8\\xcd?\\x95P\\x00\\x00\\x00h\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x001\\xed\\xfb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x86\\xa2f\\x14"
              }
            ],
            "repeated": 0,
            "id": 1177
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2d128cde",
            "parentcaller": "0x7ffc2d12953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\x96\\xe4\\x11\\x00\\x00\\x00\\x00\\x00\\xdb7\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00V\\xe4\\x11\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1178
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a8a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1179
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2d156e9b",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\x18\\xa6\\x07+\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1180
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2d156ec0",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1181
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2c547be3",
            "parentcaller": "0x7ffc2c5815ab",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1182
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2d156f0e",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8e\\xa8\\x07+\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1183
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2d156f37",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1184
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2d133f7a",
            "parentcaller": "0x7ffc2c550ed7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1185
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2d156f8f",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8\\x18\\xa6\\x07+\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9b6\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 1186
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2d157048",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X@j\\x14\\xfc\\x7f\\x00\\x00\\xebPB\\x14\\xfc\\x7f\\x00\\x00e\\x90w\\xc4\\x8b\\x88\\x00\\x00(Nf\\x14\\xfc\\x7f\\x00\\x000\\xcc?\\x95P\\x00\\x00\\x00(\\xcc?\\x95P\\x00\\x00\\x00\\xf8\\xcb?\\x95P\\x00\\x00\\x00\\x18\\xcc?\\x95"
              }
            ],
            "repeated": 0,
            "id": 1187
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2d15707b",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0\\x18\\xa6\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd9\\xd8C\\x14\\xfc\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x18\\xca?\\x95P\\x00\\x00\\x00h\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x001\\xed\\xfb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x86\\xa2f\\x14"
              }
            ],
            "repeated": 0,
            "id": 1188
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2c550e27",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046c"
              }
            ],
            "repeated": 0,
            "id": 1189
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12756",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2c550e49",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000468"
              }
            ],
            "repeated": 0,
            "id": 1190
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2b4322bf",
            "parentcaller": "0x7ffc2b4afbe4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ae"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{428D4DDD-3462-43DF-9395-1EFF13AE7A4B}"
              },
              {
                "name": "Handle",
                "value": "0x00000466"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{428D4DDD-3462-43DF-9395-1EFF13AE7A4B}"
              }
            ],
            "repeated": 0,
            "id": 1191
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2b400000"
              }
            ],
            "repeated": 0,
            "id": 1192
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afa51",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000466"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x0000044a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{428D4DDD-3462-43DF-9395-1EFF13AE7A4B}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 1193
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afa8c",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000044a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{b03c2205-f02e-4d77-80df-e1747afdd39c}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{428D4DDD-3462-43DF-9395-1EFF13AE7A4B}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1194
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afad3",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000044a"
              }
            ],
            "repeated": 0,
            "id": 1195
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afae4",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000466"
              }
            ],
            "repeated": 0,
            "id": 1196
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2b437b74",
            "parentcaller": "0x7ffc2b4353d4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000376"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{B03C2205-F02E-4D77-80DF-E1747AFDD39C}"
              },
              {
                "name": "Handle",
                "value": "0x00000466"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{B03C2205-F02E-4D77-80DF-E1747AFDD39C}"
              }
            ],
            "repeated": 0,
            "id": 1197
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ad845a7",
            "parentcaller": "0x7ffc2ad80705",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000466"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1198
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000466"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1199
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2d126c8b",
            "parentcaller": "0x7ffc2ad823a0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xcb\\xef\\x94P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00f\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00P\\x00\\x00\\x00p\\xcc\\xef\\x94P\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1200
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1201
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad825c4",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000466"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1202
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ad825e2",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000466"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1203
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2b4c22e1",
            "parentcaller": "0x7ffc2b437c1d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000466"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1204
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4381f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000466"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1205
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b43870d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000466"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1206
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4387bc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000466"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "ExecModelProxy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1207
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2b438485",
            "parentcaller": "0x7ffc2b43829e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000466"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000044a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1208
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b43870d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000044a"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\InprocServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1209
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b43870d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000044a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1210
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ada4aa9",
            "parentcaller": "0x7ffc2ad831c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000044a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%systemroot%\\system32\\execmodelproxy.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 1,
            "id": 1211
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b438d32",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000044a"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\InprocServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 1212
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2b43855f",
            "parentcaller": "0x7ffc2b43829e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000044a"
              }
            ],
            "repeated": 0,
            "id": 1213
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ad845a7",
            "parentcaller": "0x7ffc2ad80705",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000466"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1214
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000466"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1215
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2d126c8b",
            "parentcaller": "0x7ffc2ad823a0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\xca\\xef\\x94P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00f\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00P\\x00\\x00\\x00\\x00\\xcb\\xef\\x94P\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1216
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1217
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad825c4",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000466"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1218
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ad825e2",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000466"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1219
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ad845a7",
            "parentcaller": "0x7ffc2ad80705",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000466"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1220
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000466"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1221
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2d126c8b",
            "parentcaller": "0x7ffc2ad823a0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\xca\\xef\\x94P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00f\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00P\\x00\\x00\\x00\\x00\\xcb\\xef\\x94P\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1222
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1223
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad825c4",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000466"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1224
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ad825e2",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000466"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1225
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2b438010",
            "parentcaller": "0x7ffc2b4353d4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000466"
              }
            ],
            "repeated": 0,
            "id": 1226
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1227
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1228
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2b437b74",
            "parentcaller": "0x7ffc2b4353d4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000376"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{B03C2205-F02E-4D77-80DF-E1747AFDD39C}"
              },
              {
                "name": "Handle",
                "value": "0x00000466"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{B03C2205-F02E-4D77-80DF-E1747AFDD39C}"
              }
            ],
            "repeated": 0,
            "id": 1229
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ad845a7",
            "parentcaller": "0x7ffc2ad80705",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000466"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1230
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000466"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1231
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2d126c8b",
            "parentcaller": "0x7ffc2ad823a0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xc8\\xef\\x94P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00f\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00P\\x00\\x00\\x000\\xc9\\xef\\x94P\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1232
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1233
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000470"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ffc2b4a2d30"
              },
              {
                "name": "Parameter",
                "value": "0x22b07a65f10"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "12764"
              },
              {
                "name": "ProcessId",
                "value": "12320"
              },
              {
                "name": "Module",
                "value": "combase.dll"
              }
            ],
            "repeated": 0,
            "id": 1234
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x00000470",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ffc2b4a2d30"
              },
              {
                "name": "Parameter",
                "value": "0x22b07a65f10"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "12764"
              },
              {
                "name": "ProcessId",
                "value": "12320"
              }
            ],
            "repeated": 0,
            "id": 1235
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad825c4",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000466"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1236
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ad825e2",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000466"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1237
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000470"
              }
            ],
            "repeated": 0,
            "id": 1238
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2b4c22e1",
            "parentcaller": "0x7ffc2b437c1d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000466"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1239
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4381f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000466"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1240
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12764",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a84000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1241
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b43870d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000466"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1242
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4387bc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000466"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "ExecModelProxy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1243
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12764",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449800228000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1244
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2b438485",
            "parentcaller": "0x7ffc2b43829e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000466"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000044a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1245
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b43870d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000044a"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\InprocServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1246
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b43870d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000044a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1247
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ada4aa9",
            "parentcaller": "0x7ffc2ad831c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000044a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%systemroot%\\system32\\execmodelproxy.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 1,
            "id": 1248
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b438d32",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000044a"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\InprocServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 1249
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2b43855f",
            "parentcaller": "0x7ffc2b43829e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000044a"
              }
            ],
            "repeated": 0,
            "id": 1250
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ad845a7",
            "parentcaller": "0x7ffc2ad80705",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000466"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1251
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000466"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1252
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2d126c8b",
            "parentcaller": "0x7ffc2ad823a0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xc6\\xef\\x94P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00f\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00P\\x00\\x00\\x00\\xc0\\xc7\\xef\\x94P\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1253
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1254
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad825c4",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000466"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1255
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ad825e2",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000466"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1256
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ad845a7",
            "parentcaller": "0x7ffc2ad80705",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000466"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1257
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000466"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1258
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2d126c8b",
            "parentcaller": "0x7ffc2ad823a0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xc6\\xef\\x94P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00f\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00P\\x00\\x00\\x00\\xc0\\xc7\\xef\\x94P\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1259
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1260
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad825c4",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000466"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1261
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ad825e2",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000466"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1262
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2b43ab08",
            "parentcaller": "0x7ffc2b43a7d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000466"
              },
              {
                "name": "SubKey",
                "value": "LocalServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 1263
          },
          {
            "timestamp": "2026-05-28 21:41:47,301",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b43a825",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000466"
              },
              {
                "name": "ValueName",
                "value": "AppID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\AppID"
              }
            ],
            "repeated": 0,
            "id": 1264
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2ad845a7",
            "parentcaller": "0x7ffc2ad80705",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000466"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1265
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000466"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1266
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2d126c8b",
            "parentcaller": "0x7ffc2ad823a0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\xc6\\xef\\x94P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00f\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00P\\x00\\x00\\x00\\x00\\xc7\\xef\\x94P\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1267
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 1268
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad825c4",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000466"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1269
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2ad825e2",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000466"
              },
              {
                "name": "ObjectAttributesName",
                "value": "LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 1270
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2b43ad16",
            "parentcaller": "0x7ffc2b4383b8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000376"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{B03C2205-F02E-4D77-80DF-E1747AFDD39C}"
              },
              {
                "name": "Handle",
                "value": "0x0000044a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{B03C2205-F02E-4D77-80DF-E1747AFDD39C}"
              }
            ],
            "repeated": 0,
            "id": 1271
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2b43ad4d",
            "parentcaller": "0x7ffc2b4383b8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000044a"
              },
              {
                "name": "SubKey",
                "value": "Elevation"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\Elevation"
              }
            ],
            "repeated": 0,
            "id": 1272
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12764",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2c56ef53",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000047c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1273
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2b43adb1",
            "parentcaller": "0x7ffc2b4383b8",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000044a"
              }
            ],
            "repeated": 0,
            "id": 1274
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2b438010",
            "parentcaller": "0x7ffc2b4353d4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000466"
              }
            ],
            "repeated": 0,
            "id": 1275
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2b4322bf",
            "parentcaller": "0x7ffc2b4325e9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ae"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{B03C2205-F02E-4D77-80DF-E1747AFDD39C}"
              },
              {
                "name": "Handle",
                "value": "0x00000466"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{B03C2205-F02E-4D77-80DF-E1747AFDD39C}"
              }
            ],
            "repeated": 0,
            "id": 1276
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2b42cd6e",
            "parentcaller": "0x7ffc2b4a2ed4",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1277
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2b4af8f8",
            "parentcaller": "0x7ffc2b43213b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000466"
              },
              {
                "name": "SubKey",
                "value": "TreatAs"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1278
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2b432160",
            "parentcaller": "0x7ffc2b429277",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000466"
              }
            ],
            "repeated": 0,
            "id": 1279
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ae"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{50AC103F-D235-4598-BBEF-98FE4D1A3AD4}"
              },
              {
                "name": "Handle",
                "value": "0x00000472"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{50AC103F-D235-4598-BBEF-98FE4D1A3AD4}"
              }
            ],
            "repeated": 0,
            "id": 1280
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000472"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{50ac103f-d235-4598-bbef-98fe4d1a3ad4}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 1281
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2b4afa8c",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{50ac103f-d235-4598-bbef-98fe4d1a3ad4}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1282
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2b4afad3",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              }
            ],
            "repeated": 0,
            "id": 1283
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2b4afae4",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000472"
              }
            ],
            "repeated": 0,
            "id": 1284
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc2b456b6d",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\execmodelproxy"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc178b0000"
              }
            ],
            "repeated": 0,
            "id": 1285
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2b437b74",
            "parentcaller": "0x7ffc2b4353d4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000376"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{6DB7CD52-E3B7-4ECC-BB1F-388AEEF6BB50}"
              },
              {
                "name": "Handle",
                "value": "0x00000472"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6DB7CD52-E3B7-4ECC-BB1F-388AEEF6BB50}"
              }
            ],
            "repeated": 0,
            "id": 1286
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad845a7",
            "parentcaller": "0x7ffc2ad80705",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1287
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1288
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d126c8b",
            "parentcaller": "0x7ffc2ad823a0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xcb?\\x95P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00r\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00P\\x00\\x00\\x00p\\xcc?\\x95P\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1289
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1290
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad825c4",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1291
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad825e2",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000472"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1292
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2b4c22e1",
            "parentcaller": "0x7ffc2b437c1d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1293
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4381f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000472"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1294
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b43870d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000472"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1295
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4387bc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000472"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "Windows Push Notification Developer Proxy Stub"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1296
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2b438485",
            "parentcaller": "0x7ffc2b43829e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000472"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1297
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc2b456b6d",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\execmodelproxy.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc178b0000"
              }
            ],
            "repeated": 0,
            "id": 1298
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc2b456b6d",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc178b0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\system32\\execmodelproxy.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 1299
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4387bc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\System32\\wpnapps.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1300
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc2b456ae8",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "execmodelproxy.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc178b0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1301
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc2b456b08",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "execmodelproxy.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc178b0000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc178b1950"
              }
            ],
            "repeated": 0,
            "id": 1302
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b438d32",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 1303
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a8d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1304
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2b43855f",
            "parentcaller": "0x7ffc2b43829e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              }
            ],
            "repeated": 0,
            "id": 1305
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad845a7",
            "parentcaller": "0x7ffc2ad80705",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1306
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1307
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d126c8b",
            "parentcaller": "0x7ffc2ad823a0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\xca?\\x95P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00r\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00P\\x00\\x00\\x00\\x00\\xcb?\\x95P\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1308
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1309
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad825c4",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1310
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad825e2",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000472"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1311
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad845a7",
            "parentcaller": "0x7ffc2ad80705",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1312
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1313
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d126c8b",
            "parentcaller": "0x7ffc2ad823a0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\xca?\\x95P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00r\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00P\\x00\\x00\\x00\\x00\\xcb?\\x95P\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1314
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1315
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2ad808ee",
            "parentcaller": "0x7ffc19846dcd",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000448"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "12320"
              }
            ],
            "repeated": 0,
            "id": 1316
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad825c4",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1317
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000472"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1318
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2adc026b",
            "parentcaller": "0x7ffc198398bc",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000448"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000488"
              }
            ],
            "repeated": 0,
            "id": 1319
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2b438010",
            "parentcaller": "0x7ffc2b4353d4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000472"
              }
            ],
            "repeated": 0,
            "id": 1320
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2ad854eb",
            "parentcaller": "0x7ffc19839910",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xf4\\xef\\x94P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1321
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc19839ae9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              }
            ],
            "repeated": 0,
            "id": 1322
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1323
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1324
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc19839af9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000448"
              }
            ],
            "repeated": 0,
            "id": 1325
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2ad808ee",
            "parentcaller": "0x7ffc198396c2",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000448"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "12320"
              }
            ],
            "repeated": 0,
            "id": 1326
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2adc026b",
            "parentcaller": "0x7ffc2ad8cbb0",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000448"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000488"
              }
            ],
            "repeated": 0,
            "id": 1327
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2ad8aa1f",
            "parentcaller": "0x7ffc2ad8cb7c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1328
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a73000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1329
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2b437b74",
            "parentcaller": "0x7ffc2b4353d4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000376"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{6DB7CD52-E3B7-4ECC-BB1F-388AEEF6BB50}"
              },
              {
                "name": "Handle",
                "value": "0x00000472"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6DB7CD52-E3B7-4ECC-BB1F-388AEEF6BB50}"
              }
            ],
            "repeated": 0,
            "id": 1330
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc198397e7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000448"
              }
            ],
            "repeated": 0,
            "id": 1331
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad845a7",
            "parentcaller": "0x7ffc2ad80705",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1332
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1333
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d126c8b",
            "parentcaller": "0x7ffc2ad823a0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xc8?\\x95P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00r\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00P\\x00\\x00\\x000\\xc9?\\x95P\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1334
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1335
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad825c4",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1336
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad825e2",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000472"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1337
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2b4c22e1",
            "parentcaller": "0x7ffc2b437c1d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1338
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4381f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000472"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1339
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b43870d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000472"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1340
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad845a7",
            "parentcaller": "0x7ffc2ad809b4",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1341
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad809f7",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1342
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d126c8b",
            "parentcaller": "0x7ffc2ad823a0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xc6?\\x95P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00r\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00P\\x00\\x00\\x00\\xd0\\xc7?\\x95P\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1343
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad809f7",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}"
              }
            ],
            "repeated": 0,
            "id": 1344
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad83e41",
            "parentcaller": "0x7ffc2ae043b9",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Windows Push Notification Developer Proxy Stub"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1345
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2b438485",
            "parentcaller": "0x7ffc2b43829e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000472"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1346
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b43870d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1347
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b43870d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1348
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ada4aa9",
            "parentcaller": "0x7ffc2ad831c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\System32\\wpnapps.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1349
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad845a7",
            "parentcaller": "0x7ffc2ad809b4",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000486"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1350
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad809f7",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000486"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1351
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d126c8b",
            "parentcaller": "0x7ffc2ad823a0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xc6?\\x95P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00\\x86\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00P\\x00\\x00\\x00@\\xc7?\\x95P\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1352
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad809f7",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 1353
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad83e41",
            "parentcaller": "0x7ffc2ae043b9",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000486"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%SystemRoot%\\System32\\wpnapps.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1354
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b438d32",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 1355
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2b43855f",
            "parentcaller": "0x7ffc2b43829e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              }
            ],
            "repeated": 0,
            "id": 1356
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad845a7",
            "parentcaller": "0x7ffc2ad80705",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1357
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1358
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1359
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad825c4",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1360
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad825e2",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000472"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1361
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad845a7",
            "parentcaller": "0x7ffc2ad80705",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1362
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1363
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d126c8b",
            "parentcaller": "0x7ffc2ad823a0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xc6?\\x95P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00r\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00P\\x00\\x00\\x00\\xc0\\xc7?\\x95P\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1364
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1365
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad825c4",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1366
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad825e2",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000472"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1367
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2b43ab08",
            "parentcaller": "0x7ffc2b43a7d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000472"
              },
              {
                "name": "SubKey",
                "value": "LocalServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 1368
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b43a825",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000472"
              },
              {
                "name": "ValueName",
                "value": "AppID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\AppID"
              }
            ],
            "repeated": 0,
            "id": 1369
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad845a7",
            "parentcaller": "0x7ffc2ad80705",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1370
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1371
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d126c8b",
            "parentcaller": "0x7ffc2ad823a0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\xc6?\\x95P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00r\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00P\\x00\\x00\\x00\\x00\\xc7?\\x95P\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1372
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 1373
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad825c4",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1374
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad825e2",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000472"
              },
              {
                "name": "ObjectAttributesName",
                "value": "LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 1375
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2b43ad16",
            "parentcaller": "0x7ffc2b4383b8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000376"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{6DB7CD52-E3B7-4ECC-BB1F-388AEEF6BB50}"
              },
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6DB7CD52-E3B7-4ECC-BB1F-388AEEF6BB50}"
              }
            ],
            "repeated": 0,
            "id": 1376
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "Elevation"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\Elevation"
              }
            ],
            "repeated": 0,
            "id": 1377
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2b43adb1",
            "parentcaller": "0x7ffc2b4383b8",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              }
            ],
            "repeated": 0,
            "id": 1378
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2b438010",
            "parentcaller": "0x7ffc2b4353d4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000472"
              }
            ],
            "repeated": 0,
            "id": 1379
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2b4322bf",
            "parentcaller": "0x7ffc2b4325e9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ae"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{6DB7CD52-E3B7-4ECC-BB1F-388AEEF6BB50}"
              },
              {
                "name": "Handle",
                "value": "0x00000472"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6DB7CD52-E3B7-4ECC-BB1F-388AEEF6BB50}"
              }
            ],
            "repeated": 0,
            "id": 1380
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2d137830",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1988f000"
              },
              {
                "name": "ModuleName",
                "value": "execmodelclient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1381
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2d137881",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1988f000"
              },
              {
                "name": "ModuleName",
                "value": "execmodelclient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1382
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2b4af8f8",
            "parentcaller": "0x7ffc2b43213b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000472"
              },
              {
                "name": "SubKey",
                "value": "TreatAs"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1383
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2b432160",
            "parentcaller": "0x7ffc2b429277",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000472"
              }
            ],
            "repeated": 0,
            "id": 1384
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1385
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1386
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d133f7a",
            "parentcaller": "0x7ffc2c550ed7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1387
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2c550cd1",
            "parentcaller": "0x7ffc2c54f28f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000470"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 1388
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2d14f37b",
            "parentcaller": "0x7ffc2d14f207",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\policymanager.dll"
              }
            ],
            "repeated": 0,
            "id": 1389
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d156e46",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8\\x0c\\xa6\\x07+\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1390
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d156e9b",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "`\\x1f\\xa6\\x07+\\x02\\x00\\x00`\\x00\\x00\\x00\\\\x00W\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\\\x00S\\x00Y\\x00S\\x00T\\x00E\\x00M\\x003\\x002\\x00\\\\x00p\\x00o\\x00l\\x00i\\x00c\\x00y\\x00m\\x00a\\x00n\\x00a\\x00g\\x00e\\x00r\\x00.\\x00d\\x00l\\x00l\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1391
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d156ec0",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1392
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d156f0e",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "Xc\\xa8\\x07+\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1393
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d156f37",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1394
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a92000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1395
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d156f8f",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8#\\xa9\\x07+\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9b6\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 1396
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d157048",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X@j\\x14\\xfc\\x7f\\x00\\x00\\xebPB\\x14\\xfc\\x7f\\x00\\x00u\\x9ew\\xc4\\x8b\\x88\\x00\\x00(Nf\\x14\\xfc\\x7f\\x00\\x00 \\xd6?\\x95P\\x00\\x00\\x00\\x18\\xd6?\\x95P\\x00\\x00\\x00\\xe8\\xd5?\\x95P\\x00\\x00\\x00\\x08\\xd6?\\x95"
              }
            ],
            "repeated": 0,
            "id": 1397
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2c550e27",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000470"
              }
            ],
            "repeated": 0,
            "id": 1398
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2c550e49",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000484"
              }
            ],
            "repeated": 0,
            "id": 1399
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1400
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2b4a2ec5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000484"
              }
            ],
            "repeated": 0,
            "id": 1401
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2b42cd6e",
            "parentcaller": "0x7ffc2b4a2ed4",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1402
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2d14fcfe",
            "parentcaller": "0x7ffc2d14fa80",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000488"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000448"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\policymanager.dll"
              }
            ],
            "repeated": 0,
            "id": 1403
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1404
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1405
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d133f7a",
            "parentcaller": "0x7ffc2c550ed7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1406
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2d104d42",
            "parentcaller": "0x7ffc2d104aaa",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000488"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc23b90000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x000a1000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1407
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2c550cd1",
            "parentcaller": "0x7ffc2c54f28f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000484"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 1408
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2d10009c",
            "parentcaller": "0x7ffc2d0ffad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc23c08000"
              },
              {
                "name": "ModuleName",
                "value": "policymanager.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1409
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2adc026b",
            "parentcaller": "0x7ffc2c550daf",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000470"
              }
            ],
            "repeated": 0,
            "id": 1410
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2d105082",
            "parentcaller": "0x7ffc2d1079d2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc23c08000"
              },
              {
                "name": "ModuleName",
                "value": "policymanager.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1411
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d128cde",
            "parentcaller": "0x7ffc2d169c4e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\x96\\xe4\\x11\\x00\\x00\\x00\\x00\\x00\\xdb7\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00V\\xe4\\x11\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1412
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d156e46",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "H\\x0b\\xa6\\x07+\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1413
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2d105157",
            "parentcaller": "0x7ffc2d1043ea",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "msvcp110_win.dll"
              }
            ],
            "repeated": 0,
            "id": 1414
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d156e9b",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0+\\xa9\\x07+\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1415
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d156ec0",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1416
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2d14fd68",
            "parentcaller": "0x7ffc2d14fa80",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              }
            ],
            "repeated": 0,
            "id": 1417
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d156f0e",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "Ha\\xa8\\x07+\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1418
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d156f37",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1419
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2d14fd71",
            "parentcaller": "0x7ffc2d14fa80",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000448"
              }
            ],
            "repeated": 0,
            "id": 1420
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d156f8f",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98%\\xa9\\x07+\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9b6\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 1421
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d157048",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X@j\\x14\\xfc\\x7f\\x00\\x00\\xebPB\\x14\\xfc\\x7f\\x00\\x00\\x95\\x82w\\xc4\\x8b\\x88\\x00\\x00(Nf\\x14\\xfc\\x7f\\x00\\x00\\xc0\\xd9?\\x95P\\x00\\x00\\x00\\xb8\\xd9?\\x95P\\x00\\x00\\x00\\x88\\xd9?\\x95P\\x00\\x00\\x00\\xa8\\xd9?\\x95"
              }
            ],
            "repeated": 0,
            "id": 1422
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2d14f37b",
            "parentcaller": "0x7ffc2d14f207",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msvcp110_win.dll"
              }
            ],
            "repeated": 0,
            "id": 1423
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2d14f37b",
            "parentcaller": "0x7ffc2d14f207",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\msvcp110_win.dll"
              }
            ],
            "repeated": 0,
            "id": 1424
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2b4afae4",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000472"
              }
            ],
            "repeated": 0,
            "id": 1425
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1426
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1427
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d133f7a",
            "parentcaller": "0x7ffc2c550ed7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1428
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2c550cd1",
            "parentcaller": "0x7ffc2c54f28f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000470"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 1429
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2adc026b",
            "parentcaller": "0x7ffc2c550daf",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000484"
              }
            ],
            "repeated": 0,
            "id": 1430
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d128cde",
            "parentcaller": "0x7ffc2d169c4e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\x96\\xe4\\x11\\x00\\x00\\x00\\x00\\x00\\xdb7\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00V\\xe4\\x11\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1431
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d156e46",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "(\r\\xa6\\x07+\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1432
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d156e9b",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": " $\\xa9\\x07+\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1433
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2d0fffed",
            "parentcaller": "0x7ffc2d0ffad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc298ad000"
              },
              {
                "name": "ModuleName",
                "value": "msvcp110_win.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1434
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d156f0e",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "Ha\\xa8\\x07+\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1435
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2d100068",
            "parentcaller": "0x7ffc2d0ffad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc298ad000"
              },
              {
                "name": "ModuleName",
                "value": "msvcp110_win.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1436
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1437
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2d10009c",
            "parentcaller": "0x7ffc2d0ffad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc298ad000"
              },
              {
                "name": "ModuleName",
                "value": "msvcp110_win.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1438
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d156f8f",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98%\\xa9\\x07+\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9b6\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 1439
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2d105082",
            "parentcaller": "0x7ffc2d1079d2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc298ad000"
              },
              {
                "name": "ModuleName",
                "value": "msvcp110_win.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1440
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d156e46",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "8\\x0c\\xa6\\x07+\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1441
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              }
            ],
            "repeated": 0,
            "id": 1442
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d156e9b",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "@+\\xa9\\x07+\\x02\\x00\\x00`\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1443
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2d14fd71",
            "parentcaller": "0x7ffc2d14f7b0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000448"
              }
            ],
            "repeated": 0,
            "id": 1444
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d156ec0",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1445
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d156f0e",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8a\\xa8\\x07+\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1446
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d156f37",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1447
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d156f8f",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "X#\\xa9\\x07+\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9b6\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 1448
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d157048",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X@j\\x14\\xfc\\x7f\\x00\\x00\\xebPB\\x14\\xfc\\x7f\\x00\\x005\\x90w\\xc4\\x8b\\x88\\x00\\x00(Nf\\x14\\xfc\\x7f\\x00\\x00`\\xcc?\\x95P\\x00\\x00\\x00X\\xcc?\\x95P\\x00\\x00\\x00(\\xcc?\\x95P\\x00\\x00\\x00H\\xcc?\\x95"
              }
            ],
            "repeated": 0,
            "id": 1449
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2d137bac",
            "parentcaller": "0x7ffc2d12288a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc23c08000"
              },
              {
                "name": "ModuleName",
                "value": "policymanager.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1450
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2c550e27",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000470"
              }
            ],
            "repeated": 0,
            "id": 1451
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2d137fe1",
            "parentcaller": "0x7ffc2d137bdd",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "35"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x02\\x00\\x00\\x00)\\xc0?W\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1452
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2c550e49",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000484"
              }
            ],
            "repeated": 1,
            "id": 1453
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2b42cd6e",
            "parentcaller": "0x7ffc2b4a2ed4",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1454
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2d137bac",
            "parentcaller": "0x7ffc2d12288a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc298ad000"
              },
              {
                "name": "ModuleName",
                "value": "msvcp110_win.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1455
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2d137bac",
            "parentcaller": "0x7ffc2d12288a",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\msvcp110_win"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc29860000"
              }
            ],
            "repeated": 0,
            "id": 1456
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2b4a2ec5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000484"
              }
            ],
            "repeated": 0,
            "id": 1457
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2b42cd6e",
            "parentcaller": "0x7ffc2b4a2ed4",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1458
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2b4322bf",
            "parentcaller": "0x7ffc2b4afbe4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ae"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{3BC3D253-2F31-4092-9129-8AD5ABF067DA}"
              },
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{3BC3D253-2F31-4092-9129-8AD5ABF067DA}"
              }
            ],
            "repeated": 0,
            "id": 1459
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2b4afa51",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000472"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{3bc3d253-2f31-4092-9129-8ad5abf067da}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 1460
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2b4afa8c",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000472"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{3bc3d253-2f31-4092-9129-8ad5abf067da}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1461
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2b4afad3",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000472"
              }
            ],
            "repeated": 0,
            "id": 1462
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2b4afae4",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              }
            ],
            "repeated": 0,
            "id": 1463
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1464
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1465
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d133f7a",
            "parentcaller": "0x7ffc2c550ed7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1466
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2c550cd1",
            "parentcaller": "0x7ffc2c54f28f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000484"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 1467
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2adc026b",
            "parentcaller": "0x7ffc2c550daf",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000470"
              }
            ],
            "repeated": 0,
            "id": 1468
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d128cde",
            "parentcaller": "0x7ffc2d169c4e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\x96\\xe4\\x11\\x00\\x00\\x00\\x00\\x00\\xdb7\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00V\\xe4\\x11\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1469
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d156e46",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\x0e\\xa6\\x07+\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1470
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d156e9b",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0!\\xa9\\x07+\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1471
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d156ec0",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1472
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d156f0e",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "he\\xa8\\x07+\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1473
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d156f37",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1474
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d156f8f",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8'\\xa9\\x07+\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9b6\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 1475
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d157048",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X@j\\x14\\xfc\\x7f\\x00\\x00\\xebPB\\x14\\xfc\\x7f\\x00\\x00\\x95\\x82w\\xc4\\x8b\\x88\\x00\\x00(Nf\\x14\\xfc\\x7f\\x00\\x00\\xc0\\xd9?\\x95P\\x00\\x00\\x00\\xb8\\xd9?\\x95P\\x00\\x00\\x00\\x88\\xd9?\\x95P\\x00\\x00\\x00\\xa8\\xd9?\\x95"
              }
            ],
            "repeated": 0,
            "id": 1476
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d15707b",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0'\\xa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd9\\xd8C\\x14\\xfc\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xa8\\xd7?\\x95P\\x00\\x00\\x00p\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x001\\xed\\xfb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x86\\xa2f\\x14"
              }
            ],
            "repeated": 0,
            "id": 1477
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d128cde",
            "parentcaller": "0x7ffc2d12953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\x96\\xe4\\x11\\x00\\x00\\x00\\x00\\x00\\xdb7\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00V\\xe4\\x11\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1478
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d156e46",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8\n\\xa6\\x07+\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x98\\x16\\xfc\\x7f\\x00\\x00\\xf0\\xecd+\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1479
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d156e9b",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "@+\\xa9\\x07+\\x02\\x00\\x00`\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1480
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d156ec0",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1481
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d156f0e",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98b\\xa8\\x07+\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1482
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d156f37",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1483
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d156f8f",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18$\\xa9\\x07+\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9b6\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 1484
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d157048",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X@j\\x14\\xfc\\x7f\\x00\\x00\\xebPB\\x14\\xfc\\x7f\\x00\\x00u\\x9ew\\xc4\\x8b\\x88\\x00\\x00(Nf\\x14\\xfc\\x7f\\x00\\x00 \\xd6?\\x95P\\x00\\x00\\x00\\x18\\xd6?\\x95P\\x00\\x00\\x00\\xe8\\xd5?\\x95P\\x00\\x00\\x00\\x08\\xd6?\\x95"
              }
            ],
            "repeated": 0,
            "id": 1485
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d15707b",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10$\\xa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd9\\xd8C\\x14\\xfc\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x08\\xd4?\\x95P\\x00\\x00\\x00p\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x001\\xed\\xfb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x86\\xa2f\\x14"
              }
            ],
            "repeated": 0,
            "id": 1486
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2c550e27",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000484"
              }
            ],
            "repeated": 0,
            "id": 1487
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2c550e49",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000470"
              }
            ],
            "repeated": 0,
            "id": 1488
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2b400000"
              },
              {
                "name": "FunctionName",
                "value": "WindowsCreateString"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2b4481a0"
              }
            ],
            "repeated": 0,
            "id": 1489
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2b4a2ec5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000470"
              }
            ],
            "repeated": 0,
            "id": 1490
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2b42cd6e",
            "parentcaller": "0x7ffc2b4a2ed4",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1491
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2d137bac",
            "parentcaller": "0x7ffc2d12288a",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\policymanager"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc23b90000"
              }
            ],
            "repeated": 0,
            "id": 1492
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d137830",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1699a000"
              },
              {
                "name": "ModuleName",
                "value": "wpnapps.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1493
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d137881",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1699a000"
              },
              {
                "name": "ModuleName",
                "value": "wpnapps.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1494
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad808ee",
            "parentcaller": "0x7ffc2b4c8bd7",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000470"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "12320"
              }
            ],
            "repeated": 0,
            "id": 1495
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d137830",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1699a000"
              },
              {
                "name": "ModuleName",
                "value": "wpnapps.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1496
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d137881",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1699a000"
              },
              {
                "name": "ModuleName",
                "value": "wpnapps.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1497
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2adc026b",
            "parentcaller": "0x7ffc2ad8cbb0",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000470"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000488"
              }
            ],
            "repeated": 0,
            "id": 1498
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad8aa1f",
            "parentcaller": "0x7ffc2ad8cb7c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1499
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad8aaa8",
            "parentcaller": "0x7ffc2ad8cb7c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00`:\\xa7\\x07+\\x02\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x00;\\xa7\\x07+\\x02\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00 ;\\xa7\\x07+\\x02\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x004<\\xa7\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00H<\\xa7\\x07+\\x02\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00P<\\xa7\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00p<\\xa7\\x07+\\x02\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00x<\\xa7\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98<\\xa7\\x07+\\x02\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\x86\\x00\\x86\\x00\\x00\\x00\\x00\\x00P;\\xa7\\x07+\\x02\\x00\\x00\\x06\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\xd6;\\xa7\\x07+\\x02\\x00\\x00X\\x00X\\x00\\x00\\x00\\x00\\x00\\xdc;\\xa7\\x07+\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1500
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2ad8cbbe",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              }
            ],
            "repeated": 0,
            "id": 1501
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2adc026b",
            "parentcaller": "0x7ffc2ad8cbb0",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000470"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000488"
              }
            ],
            "repeated": 0,
            "id": 1502
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad8aa1f",
            "parentcaller": "0x7ffc2ad8cb7c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1503
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad8aaa8",
            "parentcaller": "0x7ffc2ad8cb7c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00`:\\xa7\\x07+\\x02\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x00;\\xa7\\x07+\\x02\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00 ;\\xa7\\x07+\\x02\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x004<\\xa7\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00H<\\xa7\\x07+\\x02\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00P<\\xa7\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00p<\\xa7\\x07+\\x02\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00x<\\xa7\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98<\\xa7\\x07+\\x02\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\x86\\x00\\x86\\x00\\x00\\x00\\x00\\x00P;\\xa7\\x07+\\x02\\x00\\x00\\x06\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\xd6;\\xa7\\x07+\\x02\\x00\\x00X\\x00X\\x00\\x00\\x00\\x00\\x00\\xdc;\\xa7\\x07+\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1504
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2ad8cbbe",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              }
            ],
            "repeated": 0,
            "id": 1505
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc168a9183",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000470"
              }
            ],
            "repeated": 0,
            "id": 1506
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d137830",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1699a000"
              },
              {
                "name": "ModuleName",
                "value": "wpnapps.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1507
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d137881",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1699a000"
              },
              {
                "name": "ModuleName",
                "value": "wpnapps.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1508
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d137830",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2cb38000"
              },
              {
                "name": "ModuleName",
                "value": "OLEAUT32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1509
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d137881",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2cb38000"
              },
              {
                "name": "ModuleName",
                "value": "OLEAUT32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1510
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d14eb32",
            "parentcaller": "0x7ffc2d10fad7",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000003c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 1,
            "id": 1511
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07b15000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1512
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07b09000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1513
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\msvcp110_win"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29860000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffc298a5870"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1514
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2d15c2c7",
            "parentcaller": "0x7ffc2d15c05a",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\policymanager"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc23b90000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffc23b99ed0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1515
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2d137830",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1988f000"
              },
              {
                "name": "ModuleName",
                "value": "execmodelclient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1516
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d1ae53f",
            "parentcaller": "0x7ffc2d10faf7",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 1517
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2d137881",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1988f000"
              },
              {
                "name": "ModuleName",
                "value": "execmodelclient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1518
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d105157",
            "parentcaller": "0x7ffc2d1043ea",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "usermgrcli.dll"
              }
            ],
            "repeated": 0,
            "id": 1519
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d14f37b",
            "parentcaller": "0x7ffc2d14f207",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\usermgrcli.dll"
              }
            ],
            "repeated": 0,
            "id": 1520
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2d137830",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc23c2e000"
              },
              {
                "name": "ModuleName",
                "value": "policymanager.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1521
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2d137881",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc23c2e000"
              },
              {
                "name": "ModuleName",
                "value": "policymanager.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1522
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b971e2",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps"
              },
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps"
              }
            ],
            "repeated": 0,
            "id": 1523
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b9723c",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "PolicyType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\PolicyType"
              }
            ],
            "repeated": 0,
            "id": 1524
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d14fc9c",
            "parentcaller": "0x7ffc2d14fa80",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000470"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\usermgrcli.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1525
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b97402",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "RegKeyPathRedirect"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\RegKeyPathRedirect"
              }
            ],
            "repeated": 0,
            "id": 1526
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b9755e",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicyname"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\grouppolicyname"
              }
            ],
            "repeated": 0,
            "id": 1527
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2d137830",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc23c2e000"
              },
              {
                "name": "ModuleName",
                "value": "policymanager.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1528
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2d137881",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc23c2e000"
              },
              {
                "name": "ModuleName",
                "value": "policymanager.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1529
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d14fcfe",
            "parentcaller": "0x7ffc2d14fa80",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000484"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000470"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\usermgrcli.dll"
              }
            ],
            "repeated": 0,
            "id": 1530
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b9776a",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicypath"
              },
              {
                "name": "Data",
                "value": "Software\\Policies\\Microsoft\\Windows\\AppPrivacy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\grouppolicypath"
              }
            ],
            "repeated": 0,
            "id": 1531
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d104d42",
            "parentcaller": "0x7ffc2d104aaa",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000484"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc25960000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00016000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1532
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b977f6",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicyismultisz"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\grouppolicyismultisz"
              }
            ],
            "repeated": 0,
            "id": 1533
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b97836",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicymultiszSeparatorChar"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\grouppolicymultiszSeparatorChar"
              }
            ],
            "repeated": 0,
            "id": 1534
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d0fffed",
            "parentcaller": "0x7ffc2d0ffad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2596c000"
              },
              {
                "name": "ModuleName",
                "value": "usermgrcli.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1535
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b978f6",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\ADMXMetadataUser"
              }
            ],
            "repeated": 0,
            "id": 1536
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b97a6c",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataBoth"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\ADMXMetadataBoth"
              }
            ],
            "repeated": 0,
            "id": 1537
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d14fd68",
            "parentcaller": "0x7ffc2d14fa80",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000484"
              }
            ],
            "repeated": 0,
            "id": 1538
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d14fd71",
            "parentcaller": "0x7ffc2d14fa80",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000470"
              }
            ],
            "repeated": 0,
            "id": 1539
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d137bac",
            "parentcaller": "0x7ffc2d12288a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2596b000"
              },
              {
                "name": "ModuleName",
                "value": "usermgrcli.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1540
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d137bac",
            "parentcaller": "0x7ffc2d12288a",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\usermgrcli"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc25960000"
              }
            ],
            "repeated": 0,
            "id": 1541
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc23b9db1b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "30Value"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\30Value"
              }
            ],
            "repeated": 0,
            "id": 1542
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b97ca8",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "Value"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\Value"
              }
            ],
            "repeated": 0,
            "id": 1543
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b976a9",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              }
            ],
            "repeated": 0,
            "id": 1544
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b95c61",
            "parentcaller": "0x7ffc23b95ac0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Policies\\Microsoft\\Windows\\AppPrivacy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy"
              }
            ],
            "repeated": 0,
            "id": 1545
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b95d7c",
            "parentcaller": "0x7ffc23b95ac0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\PolicyManager\\current\\Device\\Privacy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PolicyManager\\current\\Device\\Privacy"
              }
            ],
            "repeated": 0,
            "id": 1546
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b971e2",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps"
              },
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps"
              }
            ],
            "repeated": 0,
            "id": 1547
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b9723c",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "PolicyType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\PolicyType"
              }
            ],
            "repeated": 0,
            "id": 1548
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b972a8",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "Behavior"
              },
              {
                "name": "Data",
                "value": "139296"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\Behavior"
              }
            ],
            "repeated": 0,
            "id": 1549
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b9732c",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "MergeAlgorithm"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\MergeAlgorithm"
              }
            ],
            "repeated": 0,
            "id": 1550
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b9739f",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "RegKeyPathRedirectMapped"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\RegKeyPathRedirectMapped"
              }
            ],
            "repeated": 0,
            "id": 1551
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b97402",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "RegKeyPathRedirect"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\RegKeyPathRedirect"
              }
            ],
            "repeated": 0,
            "id": 1552
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b9755e",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicyname"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\grouppolicyname"
              }
            ],
            "repeated": 0,
            "id": 1553
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2ad83e41",
            "parentcaller": "0x7ffc2ae043b9",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicyname"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "LetAppsRunInBackground_ForceAllowTheseApps"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\grouppolicyname"
              }
            ],
            "repeated": 0,
            "id": 1554
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d15c2c7",
            "parentcaller": "0x7ffc2d15c05a",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\usermgrcli"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc25960000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffc25964250"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1555
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b97647",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicypath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\grouppolicypath"
              }
            ],
            "repeated": 0,
            "id": 1556
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d137881",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1699a000"
              },
              {
                "name": "ModuleName",
                "value": "wpnapps.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1557
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b9776a",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicypath"
              },
              {
                "name": "Data",
                "value": "Software\\Policies\\Microsoft\\Windows\\AppPrivacy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\grouppolicypath"
              }
            ],
            "repeated": 0,
            "id": 1558
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b977f6",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicyismultisz"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\grouppolicyismultisz"
              }
            ],
            "repeated": 0,
            "id": 1559
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b97836",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicymultiszSeparatorChar"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\grouppolicymultiszSeparatorChar"
              }
            ],
            "repeated": 0,
            "id": 1560
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b978f6",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\ADMXMetadataUser"
              }
            ],
            "repeated": 0,
            "id": 1561
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b979b1",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataDevice"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\ADMXMetadataDevice"
              }
            ],
            "repeated": 0,
            "id": 1562
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b97a6c",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataBoth"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\ADMXMetadataBoth"
              }
            ],
            "repeated": 0,
            "id": 1563
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d133f7a",
            "parentcaller": "0x7ffc2c550ed7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1564
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc23b9db1b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "30Value"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\30Value"
              }
            ],
            "repeated": 0,
            "id": 1565
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b97ca8",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "Value"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\Value"
              }
            ],
            "repeated": 0,
            "id": 1566
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b976a9",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              }
            ],
            "repeated": 0,
            "id": 1567
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b95c61",
            "parentcaller": "0x7ffc23b95ac0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Policies\\Microsoft\\Windows\\AppPrivacy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy"
              }
            ],
            "repeated": 0,
            "id": 1568
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b95d7c",
            "parentcaller": "0x7ffc23b95ac0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\PolicyManager\\current\\Device\\Privacy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PolicyManager\\current\\Device\\Privacy"
              }
            ],
            "repeated": 0,
            "id": 1569
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b971e2",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps"
              },
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps"
              }
            ],
            "repeated": 0,
            "id": 1570
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000486"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1571
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d126c8b",
            "parentcaller": "0x7ffc2ad823a0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xc2?\\x95P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00\\x86\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00P\\x00\\x00\\x00\\xd0\\xc3?\\x95P\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1572
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{0c9281f9-6da1-4006-8729-de6e6b61581c}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{0c9281f9-6da1-4006-8729-de6e6b61581c}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1573
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad825c4",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000486"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1574
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b9723c",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "PolicyType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\PolicyType"
              }
            ],
            "repeated": 0,
            "id": 1575
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad825e2",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000486"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0c9281f9-6da1-4006-8729-de6e6b61581c}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1576
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2b4c22e1",
            "parentcaller": "0x7ffc2b437c1d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000486"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{0c9281f9-6da1-4006-8729-de6e6b61581c}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1577
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b972a8",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "Behavior"
              },
              {
                "name": "Data",
                "value": "139296"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\Behavior"
              }
            ],
            "repeated": 0,
            "id": 1578
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b9732c",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "MergeAlgorithm"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\MergeAlgorithm"
              }
            ],
            "repeated": 0,
            "id": 1579
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b9739f",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "RegKeyPathRedirectMapped"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\RegKeyPathRedirectMapped"
              }
            ],
            "repeated": 0,
            "id": 1580
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b97402",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "RegKeyPathRedirect"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\RegKeyPathRedirect"
              }
            ],
            "repeated": 0,
            "id": 1581
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b9755e",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicyname"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\grouppolicyname"
              }
            ],
            "repeated": 0,
            "id": 1582
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2b438485",
            "parentcaller": "0x7ffc2b43829e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0c9281f9-6da1-4006-8729-de6e6b61581c}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1583
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad845a7",
            "parentcaller": "0x7ffc2ad80705",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000486"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{0c9281f9-6da1-4006-8729-de6e6b61581c}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1584
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000486"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1585
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d126c8b",
            "parentcaller": "0x7ffc2ad823a0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "`\\xc1?\\x95P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00\\x86\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00P\\x00\\x00\\x00`\\xc2?\\x95P\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1586
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{0c9281f9-6da1-4006-8729-de6e6b61581c}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{0c9281f9-6da1-4006-8729-de6e6b61581c}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1587
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad825c4",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000486"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1588
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b97836",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicymultiszSeparatorChar"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\grouppolicymultiszSeparatorChar"
              }
            ],
            "repeated": 0,
            "id": 1589
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{0c9281f9-6da1-4006-8729-de6e6b61581c}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{0c9281f9-6da1-4006-8729-de6e6b61581c}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1590
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b978f6",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\ADMXMetadataUser"
              }
            ],
            "repeated": 0,
            "id": 1591
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataDevice"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\ADMXMetadataDevice"
              }
            ],
            "repeated": 0,
            "id": 1592
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b97a6c",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataBoth"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\ADMXMetadataBoth"
              }
            ],
            "repeated": 0,
            "id": 1593
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad83f4b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000114"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1594
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad83f76",
            "parentcaller": "0x7ffc2ae04fd4",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000484"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000114"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\OLE"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE"
              }
            ],
            "repeated": 0,
            "id": 1595
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b976a9",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              }
            ],
            "repeated": 0,
            "id": 1596
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad82fe4",
            "parentcaller": "0x7ffc2b4aca47",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000484"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1597
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b95d7c",
            "parentcaller": "0x7ffc23b95ac0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\PolicyManager\\current\\Device\\Privacy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PolicyManager\\current\\Device\\Privacy"
              }
            ],
            "repeated": 0,
            "id": 1598
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2c581630",
            "parentcaller": "0x7ffc2c5812cd",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1599
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a76000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1600
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b971e2",
            "parentcaller": "0x7ffc23b96abb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground"
              },
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground"
              }
            ],
            "repeated": 0,
            "id": 1601
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2b426d2f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000484"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1602
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b9723c",
            "parentcaller": "0x7ffc23b96abb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "PolicyType"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\PolicyType"
              }
            ],
            "repeated": 0,
            "id": 1603
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b972a8",
            "parentcaller": "0x7ffc23b96abb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "Behavior"
              },
              {
                "name": "Data",
                "value": "139296"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\Behavior"
              }
            ],
            "repeated": 0,
            "id": 1604
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b9732c",
            "parentcaller": "0x7ffc23b96abb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "MergeAlgorithm"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\MergeAlgorithm"
              }
            ],
            "repeated": 0,
            "id": 1605
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b9739f",
            "parentcaller": "0x7ffc23b96abb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "RegKeyPathRedirectMapped"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\RegKeyPathRedirectMapped"
              }
            ],
            "repeated": 0,
            "id": 1606
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b97402",
            "parentcaller": "0x7ffc23b96abb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "RegKeyPathRedirect"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\RegKeyPathRedirect"
              }
            ],
            "repeated": 0,
            "id": 1607
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b9755e",
            "parentcaller": "0x7ffc23b96abb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicyname"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\grouppolicyname"
              }
            ],
            "repeated": 0,
            "id": 1608
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b975df",
            "parentcaller": "0x7ffc23b96abb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicyname"
              },
              {
                "name": "Data",
                "value": "LetAppsRunInBackground"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\grouppolicyname"
              }
            ],
            "repeated": 0,
            "id": 1609
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b97647",
            "parentcaller": "0x7ffc23b96abb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicypath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\grouppolicypath"
              }
            ],
            "repeated": 0,
            "id": 1610
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b9776a",
            "parentcaller": "0x7ffc23b96abb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicypath"
              },
              {
                "name": "Data",
                "value": "Software\\Policies\\Microsoft\\Windows\\AppPrivacy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\grouppolicypath"
              }
            ],
            "repeated": 0,
            "id": 1611
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2b4afa8c",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{DF8E9480-CA73-448E-B8F0-DA000F581428}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1612
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b97836",
            "parentcaller": "0x7ffc23b96abb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "grouppolicymultiszSeparatorChar"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\grouppolicymultiszSeparatorChar"
              }
            ],
            "repeated": 0,
            "id": 1613
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b978f6",
            "parentcaller": "0x7ffc23b96abb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\ADMXMetadataUser"
              }
            ],
            "repeated": 0,
            "id": 1614
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b979b1",
            "parentcaller": "0x7ffc23b96abb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataDevice"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\ADMXMetadataDevice"
              }
            ],
            "repeated": 0,
            "id": 1615
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataBoth"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\ADMXMetadataBoth"
              }
            ],
            "repeated": 0,
            "id": 1616
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1617
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc23b9db1b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "30Value"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\30Value"
              }
            ],
            "repeated": 0,
            "id": 1618
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad825e2",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000492"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1619
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2b4c22e1",
            "parentcaller": "0x7ffc2b437c1d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000492"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1620
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc23b976a9",
            "parentcaller": "0x7ffc23b96abb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              }
            ],
            "repeated": 0,
            "id": 1621
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4381f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1622
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12716",
            "caller": "0x7ffc2b4bddf7",
            "parentcaller": "0x7ffc2b457428",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xfffci\\x0e\\xffd4\\xffde\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00J\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00I\\x00n\\x00t\\x00e\\x00r\\x00n\\x00a\\x00l\\x00.\\x00S\\x00t\\x00a\\x00t\\x00e\\x00R\\x00e\\x00p\\x00o\\x00s\\x00i\\x00t\\x00o\\x00r\\x00y\\x00.\\x00U\\x00s\\x00e\\x00r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00P\\x00\\x00\\x00\\x1b\\x00\\x00\\x00\\x00\\x00\\x00\\x006\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0Ep+\\xfffc\\x7f\\x00\\x00\\xfff8\\xffdd\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffe9\\xffef\\xff94P\\x00\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00@\\xffeb\\xffa5\\x07+\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\x0f,\\x0c\\xffe4\\x11\\xffbc\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90^\\xffa6\\x07+\\x02\\x00\\x00\\xfff8\\xffdd\\xffa8\\x07+\\x02\\x00\\x00\\xffd0\\xffdd\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\xff9dD+\\xfffc\\x7f\\x00\\x00@\\xffeb\\xffa5\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffdd\\xffa8\\x07+\\x02\\x00\\x00@\\xffeb\\xffa5\\x07+\\x02\\x00\\x00\\xff90^\\xffa6\\x07+\\x02\\x00\\x00`\\x0e\\xffa6\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff6sD+\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90^\\xffa6\\x07+\\x02\\x00\\x00P\\xffee\\xffa5\\x07+\\x02\\x00\\x00P\\xffee\\xffa5\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffeb\\xffa5\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00
\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffee\\xffa5\\x07+\\x02\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00@\\xffeb\\xffa5\\x07+\\x02\\x00\\x00`\\x0e\\xffa6\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffea\\xffef\\xff94P\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xffec\\xffa5\\x07+\\x02\\x00\\x00\\xffd0\\xffdd\\xffa8\\x07+\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1623
          },
          {
            "timestamp": "2026-05-28 21:41:47,316",
            "thread_id": "12756",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b43870d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1624
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4387bc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1625
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4c8ff0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "Data",
                "value": "StateRepository"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.User\\Server"
              }
            ],
            "repeated": 0,
            "id": 1626
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4d00bb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.User\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 1627
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.User\\Threading"
              }
            ],
            "repeated": 0,
            "id": 1628
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b43870d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1629
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b41c0fc",
            "parentcaller": "0x7ffc2b4b4170",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000048c"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.User\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 1630
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b43870d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1631
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.User\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 1632
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.User\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 1633
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4387bc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1634
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.User\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 1635
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4c2222",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.User\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 1636
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2b43855f",
            "parentcaller": "0x7ffc2b43829e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              }
            ],
            "repeated": 0,
            "id": 1637
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.User\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1638
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000492"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1639
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b4574a2",
            "parentcaller": "0x7ffc2b4567e6",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000498"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000384"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Server"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server"
              }
            ],
            "repeated": 0,
            "id": 1640
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b4bdd9d",
            "parentcaller": "0x7ffc2b457428",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000049c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000498"
              },
              {
                "name": "ObjectAttributesName",
                "value": "StateRepository"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository"
              }
            ],
            "repeated": 0,
            "id": 1641
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b4bddf7",
            "parentcaller": "0x7ffc2b457428",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000049c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffcek|\\xffd3\\xffde\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00S\\x00t\\x00a\\x00t\\x00e\\x00R\\x00e\\x00p\\x00o\\x00s\\x00i\\x00t\\x00o\\x00r\\x00y\\x00\\x00\\x00\\xffc49@\t+\\x02\\x00\\x00\\xff90\\xffc7q\\x14\\xfffc\\x7f\\x00\\x00\\xffa2tE+\\xfffc\\x7f\\x00\\x00\\xffd9LB\\x14\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00E\\xffb2\\xffa7\\xffc5\\xff8b\\xff88\\x00\\x00x\\xffd9\\xffa8\\x07+\\x02\\x00\\x00\\xff87\\x00U\\xffed\\xfffb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\x00U\\xffed\\xfffb\\x7f\\x00\\x008\\xffe5\\xffef\\xff94P\\x00\\x00\\x00\\xffd5\\xff8c\\xffa7\\xffc5\\xff8b\\xff88\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffac[\\xffa6\\x07+\\x02\\x00\\x00\\xffa8N\\xffa3\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x01\\x02\\x00\\x00\\x00\\x00\\x00`]\\xffa6\\x07+\\x02\\x00\\x00\\xff80\\xffe5\\xffef\\xff94P\\x00\\x00\\x00\\xffe4ID\\x14\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff84\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xffb9\\x00U\\xffed\\xfffb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff9d\\xffd0f\\x14\\xfffc\\x7f\\x00\\x00\\xffb8\\xffcff\\x14\\xfffc\\x7f\\x00\\x00`]\\xffa6\\x07+\\x02\\x00\\x00\\xfff8\\xff81f\\x14\\xfffc\\x7f\\x00\\x00\\x19\\x01\\x02\\x00+\\x02\\x00\\x00h\\xffd0f\\x14\\xfffc\\x7f\\x00\\x00\\xff84\\x03\\x00\\x00\\x00\\x00\\x00\\x00P\\xffd0f\\x14\\xfffc\\x7f\\x00\\x00p\\xffe5\\xffef\\xff94P\\x00\\x00\\x00\\xff98\\xff85f\\x14\\xfffc\\x7f\\x00\\x00\\xff80\\xffe5\\xffef\\xff94P\\x00\\x00\\x00\\xffb0c\\xffa8\\x07+\\x02\\x00\\x00\\xffb0tE+\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\xff80\\xffe7\\xffef\\xff94P\\x00\\x
00\\x00`]\\xffa6\\x07+\\x02\\x00\\x00\\x10]\\xffa6\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0c\\x00\\x0e\\x00\\x00\\x00\\x00\\x00\\xffccc\\xffa8\\x07+\\x02\\x00\\x000\\x00\\x00\\x00+\\x02\\x00\\x00\\xff84\\x03\\x00\\x00\\x00\\x00\\x00\\x00p\\xffe5\\xffef\\xff94P\\x00\\x00\\x00@\\x00\\x00\\x00+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P]\\xffa6\\x07+\\x02\\x00\\x00\\x19hE+\\xfffc\\x7f\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1642
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000492"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1643
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4d00bb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "ExePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExePath"
              }
            ],
            "repeated": 0,
            "id": 1644
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1645
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4d00bb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "CommandLine"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\CommandLine"
              }
            ],
            "repeated": 0,
            "id": 1646
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2b438010",
            "parentcaller": "0x7ffc2b4353d4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              }
            ],
            "repeated": 0,
            "id": 1647
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "IdentityType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\IdentityType"
              }
            ],
            "repeated": 0,
            "id": 1648
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1649
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1650
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4c2222",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x000000ea",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Type",
                "value": "0x7ffc00000003"
              },
              {
                "name": "DataLength",
                "value": "184"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 1651
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000492"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1652
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2d126c8b",
            "parentcaller": "0x7ffc2ad823a0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xaf?\\x95P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00\\x92\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00P\\x00\\x00\\x00p\\xb0?\\x95P\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1653
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4c2222",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Data",
                "value": "\\x01\\x00\\x14\\x80\\x9c\\x00\\x00\\x00\\xa8\\x00\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00l\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x1f\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x1f\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x008\\x00\\x1f\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00!\\x02\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 1654
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000492"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1655
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4d9d80",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "ActivatableClasses"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ActivatableClasses"
              }
            ],
            "repeated": 0,
            "id": 1656
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d0f30fd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b078f2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1657
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a96000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1658
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4c8ff0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "AppId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\AppId"
              }
            ],
            "repeated": 0,
            "id": 1659
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4381f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1660
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4c8ff0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "Identity"
              },
              {
                "name": "Data",
                "value": "nt authority\\system"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Identity"
              }
            ],
            "repeated": 0,
            "id": 1661
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a97000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1662
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b43870d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1663
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4c8ff0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "ServiceName"
              },
              {
                "name": "Data",
                "value": "StateRepository"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServiceName"
              }
            ],
            "repeated": 0,
            "id": 1664
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "ExplicitPsmActivationType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExplicitPsmActivationType"
              }
            ],
            "repeated": 0,
            "id": 1665
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b41c0fc",
            "parentcaller": "0x7ffc2b4b4170",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000049c"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 1666
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a95000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1667
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b4b7226",
            "parentcaller": "0x7ffc2b4bca23",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 1668
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b4b7226",
            "parentcaller": "0x7ffc2b4bca23",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              }
            ],
            "repeated": 0,
            "id": 1669
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b43870d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1670
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b43870d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1671
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a98000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1672
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a99000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1673
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4387bc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1674
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b438d32",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 1675
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2b43855f",
            "parentcaller": "0x7ffc2b43829e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              }
            ],
            "repeated": 0,
            "id": 1676
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2ad845a7",
            "parentcaller": "0x7ffc2ad80705",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000492"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1677
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000492"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1678
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2d126c8b",
            "parentcaller": "0x7ffc2ad823a0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\xae?\\x95P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00\\x92\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00P\\x00\\x00\\x00\\x00\\xaf?\\x95P\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1679
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1680
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad825c4",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000492"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1681
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2ad825e2",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000492"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1682
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2ad845a7",
            "parentcaller": "0x7ffc2ad80705",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000492"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1683
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000492"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1684
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2d126c8b",
            "parentcaller": "0x7ffc2ad823a0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\xae?\\x95P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00\\x92\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00P\\x00\\x00\\x00\\x00\\xaf?\\x95P\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1685
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1686
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad825c4",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000492"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1687
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2ad825e2",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000492"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1688
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2b43ab08",
            "parentcaller": "0x7ffc2b43a7d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000492"
              },
              {
                "name": "SubKey",
                "value": "LocalServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 1689
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b43a825",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "AppID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\AppID"
              }
            ],
            "repeated": 0,
            "id": 1690
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2ad845a7",
            "parentcaller": "0x7ffc2ad80705",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000492"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1691
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000492"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1692
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2d126c8b",
            "parentcaller": "0x7ffc2ad823a0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xad?\\x95P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00\\x92\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00P\\x00\\x00\\x00@\\xae?\\x95P\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1693
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 1694
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad825c4",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000492"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1695
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2ad825e2",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000492"
              },
              {
                "name": "ObjectAttributesName",
                "value": "LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 1696
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2b43ad16",
            "parentcaller": "0x7ffc2b4383b8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000376"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 1697
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2b43ad4d",
            "parentcaller": "0x7ffc2b4383b8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "Elevation"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\Elevation"
              }
            ],
            "repeated": 0,
            "id": 1698
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2b43adb1",
            "parentcaller": "0x7ffc2b4383b8",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              }
            ],
            "repeated": 0,
            "id": 1699
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2b438010",
            "parentcaller": "0x7ffc2b4353d4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              }
            ],
            "repeated": 0,
            "id": 1700
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b4322bf",
            "parentcaller": "0x7ffc2b4afbe4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ae"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{84103CCB-2FD7-4D6C-962E-5D8582B4C720}"
              },
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{84103CCB-2FD7-4D6C-962E-5D8582B4C720}"
              }
            ],
            "repeated": 0,
            "id": 1701
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2b4322bf",
            "parentcaller": "0x7ffc2b4325e9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ae"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 1702
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2b4af8f8",
            "parentcaller": "0x7ffc2b43213b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000492"
              },
              {
                "name": "SubKey",
                "value": "TreatAs"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1703
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2b432160",
            "parentcaller": "0x7ffc2b429277",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              }
            ],
            "repeated": 0,
            "id": 1704
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1705
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1706
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afa8c",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{84103ccb-2fd7-4d6c-962e-5d8582b4c720}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1707
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afad3",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049e"
              }
            ],
            "repeated": 0,
            "id": 1708
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afae4",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              }
            ],
            "repeated": 0,
            "id": 1709
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b437b74",
            "parentcaller": "0x7ffc2b4353d4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000376"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 1710
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1711
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1712
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2d126c8b",
            "parentcaller": "0x7ffc2ad823a0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xc1\\xef\\x94P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00\\x8e\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00P\\x00\\x00\\x00@\\xc2\\xef\\x94P\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1713
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1714
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad825c4",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1715
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad825e2",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000048e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1716
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b4c22e1",
            "parentcaller": "0x7ffc2b437c1d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1717
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4381f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1718
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b43870d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1719
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4387bc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1720
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b438485",
            "parentcaller": "0x7ffc2b43829e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000048e"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1721
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b43870d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1722
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b43870d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1723
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4387bc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\\\Windows.StateRepositoryPS.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1724
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc2b456b6d",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc24d40000"
              }
            ],
            "repeated": 0,
            "id": 1725
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc2b456b6d",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc24d40000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 1726
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad845a7",
            "parentcaller": "0x7ffc2ad80705",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1727
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc2b456acf",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc24d40000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc24d56540"
              }
            ],
            "repeated": 0,
            "id": 1728
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1729
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc2b456ae8",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc24d40000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1730
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc2b456b08",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc24d40000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc24d565f0"
              }
            ],
            "repeated": 0,
            "id": 1731
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2d126c8b",
            "parentcaller": "0x7ffc2ad823a0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xbf\\xef\\x94P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00\\x8e\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00P\\x00\\x00\\x00\\xd0\\xc0\\xef\\x94P\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1732
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1733
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad825c4",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1734
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad825e2",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000048e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1735
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad845a7",
            "parentcaller": "0x7ffc2ad80705",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1736
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1737
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2d126c8b",
            "parentcaller": "0x7ffc2ad823a0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xbf\\xef\\x94P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00\\x8e\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00P\\x00\\x00\\x00\\xd0\\xc0\\xef\\x94P\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1738
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1739
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad825c4",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1740
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad825e2",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000048e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1741
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b438010",
            "parentcaller": "0x7ffc2b4353d4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              }
            ],
            "repeated": 0,
            "id": 1742
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1743
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1744
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b437b74",
            "parentcaller": "0x7ffc2b4353d4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000376"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 1745
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad845a7",
            "parentcaller": "0x7ffc2ad80705",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000492"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1746
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000492"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1747
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2d126c8b",
            "parentcaller": "0x7ffc2ad823a0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\xbe\\xef\\x94P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00\\x92\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00P\\x00\\x00\\x00\\x00\\xbf\\xef\\x94P\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1748
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1749
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad825c4",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000492"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1750
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad825e2",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000492"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1751
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b4c22e1",
            "parentcaller": "0x7ffc2b437c1d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000492"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1752
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4381f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1753
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b43870d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1754
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4387bc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1755
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b438485",
            "parentcaller": "0x7ffc2b43829e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000492"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000049e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1756
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b43870d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049e"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1757
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b43870d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1758
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4387bc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\\\Windows.StateRepositoryPS.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1759
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b438d32",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049e"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 1760
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b43855f",
            "parentcaller": "0x7ffc2b43829e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049e"
              }
            ],
            "repeated": 0,
            "id": 1761
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad845a7",
            "parentcaller": "0x7ffc2ad80705",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000492"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1762
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000492"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1763
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2d126c8b",
            "parentcaller": "0x7ffc2ad823a0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xbc\\xef\\x94P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00\\x92\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00P\\x00\\x00\\x00\\x90\\xbd\\xef\\x94P\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1764
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1765
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad825c4",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000492"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1766
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad825e2",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000492"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1767
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad845a7",
            "parentcaller": "0x7ffc2ad80705",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000492"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1768
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000492"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1769
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2d126c8b",
            "parentcaller": "0x7ffc2ad823a0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xbc\\xef\\x94P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00\\x92\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00P\\x00\\x00\\x00\\x90\\xbd\\xef\\x94P\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1770
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1771
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad825c4",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000492"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1772
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1773
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad825e2",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000492"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1774
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b43ab08",
            "parentcaller": "0x7ffc2b43a7d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000492"
              },
              {
                "name": "SubKey",
                "value": "LocalServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 1775
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b43a825",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "AppID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\AppID"
              }
            ],
            "repeated": 0,
            "id": 1776
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad845a7",
            "parentcaller": "0x7ffc2ad80705",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000492"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1777
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000492"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1778
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2d126c8b",
            "parentcaller": "0x7ffc2ad823a0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xbb\\xef\\x94P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00\\x92\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00P\\x00\\x00\\x00\\xd0\\xbc\\xef\\x94P\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1779
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 1780
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad825c4",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000492"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1781
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad825e2",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000492"
              },
              {
                "name": "ObjectAttributesName",
                "value": "LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 1782
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2b4322bf",
            "parentcaller": "0x7ffc2b4afbe4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ae"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{DCAEE35A-508D-4419-9E56-50D658C2C812}"
              },
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{DCAEE35A-508D-4419-9E56-50D658C2C812}"
              }
            ],
            "repeated": 0,
            "id": 1783
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b43ad16",
            "parentcaller": "0x7ffc2b4383b8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000376"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "Handle",
                "value": "0x0000049e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 1784
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2b4afa51",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000004a2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{DCAEE35A-508D-4419-9E56-50D658C2C812}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 1785
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b438010",
            "parentcaller": "0x7ffc2b4353d4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              }
            ],
            "repeated": 0,
            "id": 1786
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad845a7",
            "parentcaller": "0x7ffc2ad80705",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1787
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1788
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2b4afa8c",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{DCAEE35A-508D-4419-9E56-50D658C2C812}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1789
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad8248a",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1790
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003ae"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 1791
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad825e2",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000490"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 1792
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b4af8f8",
            "parentcaller": "0x7ffc2b43213b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000492"
              },
              {
                "name": "SubKey",
                "value": "TreatAs"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1793
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b432160",
            "parentcaller": "0x7ffc2b429277",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              }
            ],
            "repeated": 0,
            "id": 1794
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1795
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1796
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc2b456b6d",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\Windows.StateRepositoryPS"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc1beb0000"
              }
            ],
            "repeated": 0,
            "id": 1797
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc2b456b6d",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Windows.StateRepositoryPS.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1beb0000"
              }
            ],
            "repeated": 0,
            "id": 1798
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc2b456b6d",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc1beb0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\\\Windows.StateRepositoryPS.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 1799
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc2b456acf",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.StateRepositoryPS.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc1beb0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc1beb7340"
              }
            ],
            "repeated": 0,
            "id": 1800
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc2b456ae8",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.StateRepositoryPS.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc1beb0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1801
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc2b456b08",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.StateRepositoryPS.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc1beb0000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc1beb7380"
              }
            ],
            "repeated": 0,
            "id": 1802
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1803
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1804
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1805
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1806
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b42cd6e",
            "parentcaller": "0x7ffc2b42c76f",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1807
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2c581630",
            "parentcaller": "0x7ffc2c5812cd",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1808
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a9c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1809
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2d133f7a",
            "parentcaller": "0x7ffc2c550ed7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1810
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b4322bf",
            "parentcaller": "0x7ffc2b4afbe4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ae"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{5232F8EA-49C7-4840-BFBB-66E785689E88}"
              },
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{5232F8EA-49C7-4840-BFBB-66E785689E88}"
              }
            ],
            "repeated": 0,
            "id": 1811
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afa51",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000004a2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{5232f8ea-49c7-4840-bfbb-66e785689e88}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 1812
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad845a7",
            "parentcaller": "0x7ffc2ad809b4",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004a2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Interface\\{5232f8ea-49c7-4840-bfbb-66e785689e88}\\ProxyStubClsid32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1813
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad809f7",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004a2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1814
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2d126c8b",
            "parentcaller": "0x7ffc2ad823a0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xd0\\xef\\x94P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00\\xa2\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00P\\x00\\x00\\x00\\x10\\xd1\\xef\\x94P\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1815
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad809f7",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\Interface\\{5232f8ea-49c7-4840-bfbb-66e785689e88}\\ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{5232f8ea-49c7-4840-bfbb-66e785689e88}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 1816
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a8e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1817
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad83e41",
            "parentcaller": "0x7ffc2ae043b9",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004a2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{5232f8ea-49c7-4840-bfbb-66e785689e88}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1818
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afad3",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a2"
              }
            ],
            "repeated": 0,
            "id": 1819
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afae4",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              }
            ],
            "repeated": 0,
            "id": 1820
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1821
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1822
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b4bdd9d",
            "parentcaller": "0x7ffc2b457428",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000494"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000388"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Internal.StateRepository.Package"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package"
              }
            ],
            "repeated": 0,
            "id": 1823
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b4bddf7",
            "parentcaller": "0x7ffc2b457428",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000494"
              },
              {
                "name": "KeyInformation",
                "value": "\\xfffci\\x0e\\xffd4\\xffde\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00P\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00I\\x00n\\x00t\\x00e\\x00r\\x00n\\x00a\\x00l\\x00.\\x00S\\x00t\\x00a\\x00t\\x00e\\x00R\\x00e\\x00p\\x00o\\x00s\\x00i\\x00t\\x00o\\x00r\\x00y\\x00.\\x00P\\x00a\\x00c\\x00k\\x00a\\x00g\\x00e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0Ep+\\xfffc\\x7f\\x00\\x00x\\xffd6\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffe9\\xffef\\xff94P\\x00\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\xff809\\xffa9\\x07+\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\x0f,\\x0c\\xffe4\\x11\\xffbc\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00P[\\xffa6\\x07+\\x02\\x00\\x00x\\xffd6\\xffa8\\x07+\\x02\\x00\\x00P\\xffd6\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\xff9dD+\\xfffc\\x7f\\x00\\x00\\xff809\\xffa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffd6\\xffa8\\x07+\\x02\\x00\\x00\\xff809\\xffa9\\x07+\\x02\\x00\\x00P[\\xffa6\\x07+\\x02\\x00\\x00Pu\\xffa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff6sD+\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00P[\\xffa6\\x07+\\x02\\x00\\x00`:\\xffa9\\x07+\\x02\\x00\\x00`:\\xffa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff809\\xffa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`:\\xf
fa9\\x07+\\x02\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\xff809\\xffa9\\x07+\\x02\\x00\\x00Pu\\xffa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffea\\xffef\\xff94P\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x102\\xffa9\\x07+\\x02\\x00\\x00P\\xffd6\\xffa8\\x07+\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1824
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000494"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 1825
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4c8ff0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000494"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "Data",
                "value": "StateRepository"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\Server"
              }
            ],
            "repeated": 0,
            "id": 1826
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4d00bb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000494"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 1827
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000494"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\Threading"
              }
            ],
            "repeated": 0,
            "id": 1828
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2b4afa51",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000049e"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000004a6"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{926516E8-D891-45BC-9DE5-6959FB8ECAC5}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 1829
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b41c0fc",
            "parentcaller": "0x7ffc2b4b4170",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000494"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 1830
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4c8ff0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000494"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 1831
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000494"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 1832
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000494"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 1833
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000494"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 1834
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4c2222",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000494"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 1835
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000494"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1836
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b4b7226",
            "parentcaller": "0x7ffc2b4bca23",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000494"
              }
            ],
            "repeated": 0,
            "id": 1837
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a9d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1838
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2b4322bf",
            "parentcaller": "0x7ffc2b4afbe4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ae"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{A819F3DE-60AA-5159-8407-F0A7FB1F6832}"
              },
              {
                "name": "Handle",
                "value": "0x0000049e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{A819F3DE-60AA-5159-8407-F0A7FB1F6832}"
              }
            ],
            "repeated": 0,
            "id": 1839
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2b4afa51",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000049e"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{a819f3de-60aa-5159-8407-f0a7fb1f6832}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 1840
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b4322bf",
            "parentcaller": "0x7ffc2b4afbe4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ae"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{0450CE77-AF0D-40AC-93FD-1E5D48C89419}"
              },
              {
                "name": "Handle",
                "value": "0x000004a6"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{0450CE77-AF0D-40AC-93FD-1E5D48C89419}"
              }
            ],
            "repeated": 0,
            "id": 1841
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2d133f7a",
            "parentcaller": "0x7ffc2c550ed7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1842
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2c550cd1",
            "parentcaller": "0x7ffc2c54f28f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x0000049c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 1843
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afa8c",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004aa"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{0450ce77-af0d-40ac-93fd-1e5d48c89419}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1844
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2adc026b",
            "parentcaller": "0x7ffc2c550daf",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000494"
              }
            ],
            "repeated": 0,
            "id": 1845
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004aa"
              }
            ],
            "repeated": 0,
            "id": 1846
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2d128cde",
            "parentcaller": "0x7ffc2d169c4e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\x96\\xe4\\x11\\x00\\x00\\x00\\x00\\x00\\xdb7\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00V\\xe4\\x11\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1847
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afae4",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a6"
              }
            ],
            "repeated": 0,
            "id": 1848
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2d156e46",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18t\\xa9\\x07+\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1849
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2d156e9b",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00)\\xa9\\x07+\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\x02\\x00\\x00\\xf8\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x90I\\xa7\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00p\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1850
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1851
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1852
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2d156ec0",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1853
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2d156f0e",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "Xi\\xa8\\x07+\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1854
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Status",
                "value": "Log limit reached"
              }
            ],
            "repeated": 0,
            "id": 1855
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2d156f37",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1856
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2d156f8f",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\"\\xa9\\x07+\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9b6\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 1857
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2d157048",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X@j\\x14\\xfc\\x7f\\x00\\x00\\xebPB\\x14\\xfc\\x7f\\x00\\x00U\\x94w\\xc4\\x8b\\x88\\x00\\x00(Nf\\x14\\xfc\\x7f\\x00\\x00\\x00\\xd0?\\x95P\\x00\\x00\\x00\\xf8\\xcf?\\x95P\\x00\\x00\\x00\\xc8\\xcf?\\x95P\\x00\\x00\\x00\\xe8\\xcf?\\x95"
              }
            ],
            "repeated": 0,
            "id": 1858
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2d15707b",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\"\\xa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd9\\xd8C\\x14\\xfc\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xe8\\xcd?\\x95P\\x00\\x00\\x00\\x94\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x001\\xed\\xfb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x86\\xa2f\\x14"
              }
            ],
            "repeated": 0,
            "id": 1859
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2d128cde",
            "parentcaller": "0x7ffc2d12953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\x96\\xe4\\x11\\x00\\x00\\x00\\x00\\x00\\xdb7\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00V\\xe4\\x11\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1860
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2d156e46",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe8q\\xa9\\x07+\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1861
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2d156e9b",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0 \\xa9\\x07+\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00+\\x02\\x00\\x00\\x00\\x00\\x00\\x00T\\x03\\x00\\x00P\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x90I\\xa7\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00p\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1862
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2d156ec0",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1863
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2d156f0e",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "xg\\xa8\\x07+\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1864
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2d156f37",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1865
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2d156f8f",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8%\\xa9\\x07+\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9b6\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 1866
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2d157048",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X@j\\x14\\xfc\\x7f\\x00\\x00\\xebPB\\x14\\xfc\\x7f\\x00\\x005\\x90w\\xc4\\x8b\\x88\\x00\\x00(Nf\\x14\\xfc\\x7f\\x00\\x00`\\xcc?\\x95P\\x00\\x00\\x00X\\xcc?\\x95P\\x00\\x00\\x00(\\xcc?\\x95P\\x00\\x00\\x00H\\xcc?\\x95"
              }
            ],
            "repeated": 0,
            "id": 1867
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2d15707b",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0%\\xa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd9\\xd8C\\x14\\xfc\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00H\\xca?\\x95P\\x00\\x00\\x00\\x94\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x001\\xed\\xfb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x86\\xa2f\\x14"
              }
            ],
            "repeated": 0,
            "id": 1868
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2c550e27",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 1869
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12756",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2c550e49",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000494"
              }
            ],
            "repeated": 0,
            "id": 1870
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12764",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2b4a2ec5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000464"
              }
            ],
            "repeated": 0,
            "id": 1871
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b4322bf",
            "parentcaller": "0x7ffc2b4afbe4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ae"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{195F5943-0C04-4EAB-B907-735817FDAC77}"
              },
              {
                "name": "Handle",
                "value": "0x000004a6"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{195F5943-0C04-4EAB-B907-735817FDAC77}"
              }
            ],
            "repeated": 0,
            "id": 1872
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afa51",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004a6"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000004aa"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{195f5943-0c04-4eab-b907-735817fdac77}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 1873
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afa8c",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004aa"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{195f5943-0c04-4eab-b907-735817fdac77}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1874
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afad3",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004aa"
              }
            ],
            "repeated": 0,
            "id": 1875
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afae4",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a6"
              }
            ],
            "repeated": 0,
            "id": 1876
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1877
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1878
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2d1ae53f",
            "parentcaller": "0x7ffc2d10faf7",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 1879
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2d105157",
            "parentcaller": "0x7ffc2d1043ea",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "capauthz.dll"
              }
            ],
            "repeated": 0,
            "id": 1880
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2d14f37b",
            "parentcaller": "0x7ffc2d14f207",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\capauthz.dll"
              }
            ],
            "repeated": 0,
            "id": 1881
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2d14fc9c",
            "parentcaller": "0x7ffc2d14fa80",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\capauthz.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1882
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2d14fcfe",
            "parentcaller": "0x7ffc2d14fa80",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004a8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\capauthz.dll"
              }
            ],
            "repeated": 0,
            "id": 1883
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2d104d42",
            "parentcaller": "0x7ffc2d104aaa",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc23660000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00051000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1884
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2d0ffee4",
            "parentcaller": "0x7ffc2d0ffad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc236aa000"
              },
              {
                "name": "ModuleName",
                "value": "capauthz.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1885
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2d0fffb5",
            "parentcaller": "0x7ffc2d0ffad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc23698000"
              },
              {
                "name": "ModuleName",
                "value": "capauthz.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1886
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2d0fffed",
            "parentcaller": "0x7ffc2d0ffad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc23698000"
              },
              {
                "name": "ModuleName",
                "value": "capauthz.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1887
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2d100068",
            "parentcaller": "0x7ffc2d0ffad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc23698000"
              },
              {
                "name": "ModuleName",
                "value": "capauthz.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1888
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2d10009c",
            "parentcaller": "0x7ffc2d0ffad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc23698000"
              },
              {
                "name": "ModuleName",
                "value": "capauthz.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1889
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2d105082",
            "parentcaller": "0x7ffc2d1079d2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc23698000"
              },
              {
                "name": "ModuleName",
                "value": "capauthz.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1890
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2d105157",
            "parentcaller": "0x7ffc2d1043ea",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "WINTRUST.dll"
              }
            ],
            "repeated": 0,
            "id": 1891
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000004a0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ffc2b4a2d30"
              },
              {
                "name": "Parameter",
                "value": "0x22b07a99150"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "12792"
              },
              {
                "name": "ProcessId",
                "value": "12320"
              },
              {
                "name": "Module",
                "value": "combase.dll"
              }
            ],
            "repeated": 0,
            "id": 1892
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x000004a0",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ffc2b4a2d30"
              },
              {
                "name": "Parameter",
                "value": "0x22b07a99150"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "12792"
              },
              {
                "name": "ProcessId",
                "value": "12320"
              }
            ],
            "repeated": 0,
            "id": 1893
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2d104d42",
            "parentcaller": "0x7ffc2d104aaa",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b050000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00067000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1894
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2d0ffee4",
            "parentcaller": "0x7ffc2d0ffad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b0b3000"
              },
              {
                "name": "ModuleName",
                "value": "WINTRUST.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1895
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a0"
              }
            ],
            "repeated": 0,
            "id": 1896
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2d0fffb5",
            "parentcaller": "0x7ffc2d0ffad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b09a000"
              },
              {
                "name": "ModuleName",
                "value": "WINTRUST.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1897
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2d0fffed",
            "parentcaller": "0x7ffc2d0ffad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b09a000"
              },
              {
                "name": "ModuleName",
                "value": "WINTRUST.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1898
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2d100068",
            "parentcaller": "0x7ffc2d0ffad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b09a000"
              },
              {
                "name": "ModuleName",
                "value": "WINTRUST.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1899
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2d10009c",
            "parentcaller": "0x7ffc2d0ffad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b09a000"
              },
              {
                "name": "ModuleName",
                "value": "WINTRUST.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1900
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2d105082",
            "parentcaller": "0x7ffc2d1079d2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b09a000"
              },
              {
                "name": "ModuleName",
                "value": "WINTRUST.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1901
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2d104485",
            "parentcaller": "0x7ffc2d1088a8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              }
            ],
            "repeated": 0,
            "id": 1902
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2d14fd68",
            "parentcaller": "0x7ffc2d14fa80",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 1903
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2d14fd71",
            "parentcaller": "0x7ffc2d14fa80",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a8"
              }
            ],
            "repeated": 0,
            "id": 1904
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2d137bac",
            "parentcaller": "0x7ffc2d12288a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b09a000"
              },
              {
                "name": "ModuleName",
                "value": "WINTRUST.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1905
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2d137bac",
            "parentcaller": "0x7ffc2d12288a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc23698000"
              },
              {
                "name": "ModuleName",
                "value": "capauthz.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1906
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2d137bac",
            "parentcaller": "0x7ffc2d12288a",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\WINTRUST"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2b050000"
              }
            ],
            "repeated": 0,
            "id": 1907
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2d157cc6",
            "parentcaller": "0x7ffc2d12ddf7",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 1908
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12792",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a81000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1909
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12792",
            "caller": "0x7ffc2d14eb32",
            "parentcaller": "0x7ffc2d1077c3",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000003c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 1,
            "id": 1910
          },
          {
            "timestamp": "2026-05-28 21:41:47,332",
            "thread_id": "12716",
            "caller": "0x7ffc2d157cc6",
            "parentcaller": "0x7ffc2d12ddf7",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1911
          },
          {
            "timestamp": "2026-05-28 21:41:47,348",
            "thread_id": "12716",
            "caller": "0x7ffc2d157cc6",
            "parentcaller": "0x7ffc2d12ddf7",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\capauthz"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc23660000"
              }
            ],
            "repeated": 0,
            "id": 1912
          },
          {
            "timestamp": "2026-05-28 21:41:47,348",
            "thread_id": "12716",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07b16000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1913
          },
          {
            "timestamp": "2026-05-28 21:41:47,348",
            "thread_id": "12716",
            "caller": "0x7ffc2ad7ed78",
            "parentcaller": "0x7ffc2adccf77",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              },
              {
                "name": "MutexName",
                "value": ""
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1914
          },
          {
            "timestamp": "2026-05-28 21:41:47,348",
            "thread_id": "12716",
            "caller": "0x7ffc2ad7ed78",
            "parentcaller": "0x7ffc2adccf77",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "MutexName",
                "value": ""
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1915
          },
          {
            "timestamp": "2026-05-28 21:41:47,348",
            "thread_id": "12716",
            "caller": "0x7ffc2d137830",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b0b3000"
              },
              {
                "name": "ModuleName",
                "value": "WINTRUST.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1916
          },
          {
            "timestamp": "2026-05-28 21:41:47,348",
            "thread_id": "12716",
            "caller": "0x7ffc2d137881",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b0b3000"
              },
              {
                "name": "ModuleName",
                "value": "WINTRUST.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1917
          },
          {
            "timestamp": "2026-05-28 21:41:47,348",
            "thread_id": "12716",
            "caller": "0x7ffc2d1ae53f",
            "parentcaller": "0x7ffc2d10faf7",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 1918
          },
          {
            "timestamp": "2026-05-28 21:41:47,348",
            "thread_id": "12716",
            "caller": "0x7ffc2d105157",
            "parentcaller": "0x7ffc2d1043ea",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "MSASN1.dll"
              }
            ],
            "repeated": 0,
            "id": 1919
          },
          {
            "timestamp": "2026-05-28 21:41:47,348",
            "thread_id": "12716",
            "caller": "0x7ffc2d14f37b",
            "parentcaller": "0x7ffc2d14f207",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\MSASN1.dll"
              }
            ],
            "repeated": 0,
            "id": 1920
          },
          {
            "timestamp": "2026-05-28 21:41:47,348",
            "thread_id": "12716",
            "caller": "0x7ffc2d14f37b",
            "parentcaller": "0x7ffc2d14f207",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\msasn1.dll"
              }
            ],
            "repeated": 0,
            "id": 1921
          },
          {
            "timestamp": "2026-05-28 21:41:47,348",
            "thread_id": "12716",
            "caller": "0x7ffc2d14fc9c",
            "parentcaller": "0x7ffc2d14f7b0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\msasn1.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1922
          },
          {
            "timestamp": "2026-05-28 21:41:47,348",
            "thread_id": "12716",
            "caller": "0x7ffc2d14fcfe",
            "parentcaller": "0x7ffc2d14f7b0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\msasn1.dll"
              }
            ],
            "repeated": 0,
            "id": 1923
          },
          {
            "timestamp": "2026-05-28 21:41:47,348",
            "thread_id": "12716",
            "caller": "0x7ffc2d104d42",
            "parentcaller": "0x7ffc2d104aaa",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2a2d0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00012000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1924
          },
          {
            "timestamp": "2026-05-28 21:41:47,348",
            "thread_id": "12716",
            "caller": "0x7ffc2d0fffb5",
            "parentcaller": "0x7ffc2d0ffad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2a2da000"
              },
              {
                "name": "ModuleName",
                "value": "MSASN1.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1925
          },
          {
            "timestamp": "2026-05-28 21:41:47,348",
            "thread_id": "12716",
            "caller": "0x7ffc2d0fffed",
            "parentcaller": "0x7ffc2d0ffad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2a2da000"
              },
              {
                "name": "ModuleName",
                "value": "MSASN1.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1926
          },
          {
            "timestamp": "2026-05-28 21:41:47,348",
            "thread_id": "12716",
            "caller": "0x7ffc2d100068",
            "parentcaller": "0x7ffc2d0ffad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2a2da000"
              },
              {
                "name": "ModuleName",
                "value": "MSASN1.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1927
          },
          {
            "timestamp": "2026-05-28 21:41:47,348",
            "thread_id": "12716",
            "caller": "0x7ffc2d10009c",
            "parentcaller": "0x7ffc2d0ffad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2a2da000"
              },
              {
                "name": "ModuleName",
                "value": "MSASN1.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1928
          },
          {
            "timestamp": "2026-05-28 21:41:47,348",
            "thread_id": "12716",
            "caller": "0x7ffc2d105082",
            "parentcaller": "0x7ffc2d1079d2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2a2da000"
              },
              {
                "name": "ModuleName",
                "value": "MSASN1.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1929
          },
          {
            "timestamp": "2026-05-28 21:41:47,348",
            "thread_id": "12716",
            "caller": "0x7ffc2d14fd68",
            "parentcaller": "0x7ffc2d14f7b0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 1930
          },
          {
            "timestamp": "2026-05-28 21:41:47,348",
            "thread_id": "12716",
            "caller": "0x7ffc2d14fd71",
            "parentcaller": "0x7ffc2d14f7b0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 1931
          },
          {
            "timestamp": "2026-05-28 21:41:47,348",
            "thread_id": "12716",
            "caller": "0x7ffc2d137bac",
            "parentcaller": "0x7ffc2d12288a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2a2da000"
              },
              {
                "name": "ModuleName",
                "value": "MSASN1.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1932
          },
          {
            "timestamp": "2026-05-28 21:41:47,348",
            "thread_id": "12716",
            "caller": "0x7ffc2d137bac",
            "parentcaller": "0x7ffc2d12288a",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\MSASN1"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a2d0000"
              }
            ],
            "repeated": 0,
            "id": 1933
          },
          {
            "timestamp": "2026-05-28 21:41:47,348",
            "thread_id": "12716",
            "caller": "0x7ffc2d15c2c7",
            "parentcaller": "0x7ffc2d15c05a",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\msasn1"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2a2d0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffc2a2d5860"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1934
          },
          {
            "timestamp": "2026-05-28 21:41:47,348",
            "thread_id": "12716",
            "caller": "0x7ffc2d137830",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b0b3000"
              },
              {
                "name": "ModuleName",
                "value": "WINTRUST.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1935
          },
          {
            "timestamp": "2026-05-28 21:41:47,348",
            "thread_id": "12716",
            "caller": "0x7ffc2d137881",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b0b3000"
              },
              {
                "name": "ModuleName",
                "value": "WINTRUST.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1936
          },
          {
            "timestamp": "2026-05-28 21:41:47,348",
            "thread_id": "12716",
            "caller": "0x7ffc2a2d57f9",
            "parentcaller": "0x7ffc2a2d56a6",
            "category": "registry",
            "api": "RegOpenKeyExA",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\msasn1"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\msasn1"
              }
            ],
            "repeated": 0,
            "id": 1937
          },
          {
            "timestamp": "2026-05-28 21:41:47,348",
            "thread_id": "12716",
            "caller": "0x7ffc2a2d57f9",
            "parentcaller": "0x7ffc2a2d56a6",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\wintrust"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b050000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffc2b061670"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1938
          },
          {
            "timestamp": "2026-05-28 21:41:47,348",
            "thread_id": "12716",
            "caller": "0x7ffc2d15c2c7",
            "parentcaller": "0x7ffc2d15c05a",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\capauthz"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc23660000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffc23692fd0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1939
          },
          {
            "timestamp": "2026-05-28 21:41:47,348",
            "thread_id": "12716",
            "caller": "0x7ffc2d137830",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1988f000"
              },
              {
                "name": "ModuleName",
                "value": "execmodelclient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1940
          },
          {
            "timestamp": "2026-05-28 21:41:47,348",
            "thread_id": "12716",
            "caller": "0x7ffc2d137881",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1988f000"
              },
              {
                "name": "ModuleName",
                "value": "execmodelclient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1941
          },
          {
            "timestamp": "2026-05-28 21:41:47,348",
            "thread_id": "12792",
            "caller": "0x7ffbd218bafb",
            "parentcaller": "0x7ffbd218b4af",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x259000105000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1942
          },
          {
            "timestamp": "2026-05-28 21:41:47,348",
            "thread_id": "12792",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449800229000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1943
          },
          {
            "timestamp": "2026-05-28 21:41:47,348",
            "thread_id": "12792",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c0005c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1944
          },
          {
            "timestamp": "2026-05-28 21:41:47,348",
            "thread_id": "12792",
            "caller": "0x7ffc2d16507d",
            "parentcaller": "0x7ffc2d164c43",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1945
          },
          {
            "timestamp": "2026-05-28 21:41:47,348",
            "thread_id": "12792",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ffc2b4a2d30"
              },
              {
                "name": "Parameter",
                "value": "0x22b07a99150"
              }
            ],
            "repeated": 0,
            "id": 1946
          },
          {
            "timestamp": "2026-05-28 21:41:47,348",
            "thread_id": "12792",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2c56ef53",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000004a8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1947
          },
          {
            "timestamp": "2026-05-28 21:41:47,348",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2b400000"
              },
              {
                "name": "FunctionName",
                "value": "WindowsDeleteString"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2b447690"
              }
            ],
            "repeated": 0,
            "id": 1948
          },
          {
            "timestamp": "2026-05-28 21:41:47,348",
            "thread_id": "12792",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2b4a2ec5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 4,
            "id": 1949
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2b4322bf",
            "parentcaller": "0x7ffc2b4afbe4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ae"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{D6F5F569-D40D-407C-8989-88CAB42CFD14}"
              },
              {
                "name": "Handle",
                "value": "0x000004ae"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{D6F5F569-D40D-407C-8989-88CAB42CFD14}"
              }
            ],
            "repeated": 0,
            "id": 1950
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2b4afa51",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004ae"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000004b2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{D6F5F569-D40D-407C-8989-88CAB42CFD14}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 1951
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2b4afa8c",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{D6F5F569-D40D-407C-8989-88CAB42CFD14}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1952
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2b4afad3",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b2"
              }
            ],
            "repeated": 0,
            "id": 1953
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2b4afae4",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ae"
              }
            ],
            "repeated": 0,
            "id": 1954
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1955
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1956
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d133f7a",
            "parentcaller": "0x7ffc2c550ed7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1957
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2c550cd1",
            "parentcaller": "0x7ffc2c54f28f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 1958
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2adc026b",
            "parentcaller": "0x7ffc2c550daf",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004b0"
              }
            ],
            "repeated": 0,
            "id": 1959
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d128cde",
            "parentcaller": "0x7ffc2d169c4e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\x96\\xe4\\x11\\x00\\x00\\x00\\x00\\x00\\xdb7\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00V\\xe4\\x11\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1960
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d156e46",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8p\\xa9\\x07+\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1961
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d156e9b",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0*\\xa9\\x07+\\x02\\x00\\x00`\\x00\\x00\\x00\\x93\\xfd\\x1e]\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\xeb\\x1c\\xc9\\x11\\x9f\\xe8\\x08\\x00+\\x10H`\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1962
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d156ec0",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1963
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f0e",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8k\\xa8\\x07+\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1964
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f37",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1965
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f8f",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8\"\\xa9\\x07+\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9b6\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 1966
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d157048",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X@j\\x14\\xfc\\x7f\\x00\\x00\\xebPB\\x14\\xfc\\x7f\\x00\\x00\\xf5\\x81\\x17\\xc4\\x8b\\x88\\x00\\x00(Nf\\x14\\xfc\\x7f\\x00\\x00\\xa0\\xda_\\x95P\\x00\\x00\\x00\\x98\\xda_\\x95P\\x00\\x00\\x00h\\xda_\\x95P\\x00\\x00\\x00\\x88\\xda_\\x95"
              }
            ],
            "repeated": 0,
            "id": 1967
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d15707b",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0\"\\xa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd9\\xd8C\\x14\\xfc\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x88\\xd8_\\x95P\\x00\\x00\\x00\\xb0\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x001\\xed\\xfb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x86\\xa2f\\x14"
              }
            ],
            "repeated": 0,
            "id": 1968
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d128cde",
            "parentcaller": "0x7ffc2d12953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\x96\\xe4\\x11\\x00\\x00\\x00\\x00\\x00\\xdb7\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00V\\xe4\\x11\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1969
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d156e46",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88w\\xa9\\x07+\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1970
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d156e9b",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\x11\\xa6\\x07+\\x02\\x00\\x00`\\x00\\x00\\x00\\xfc\\x7f\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\xfc\\x7f\\x00\\x00\\x90\\x11d+\\xfc\\x7f\\x00\\x00X\\x11d+\\xfc\\x7f\\x00\\x00`\\x88\\xa9\\x07+\\x02\\x00\\x00\\x10,\\xa5\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xdd~\\x1e\\xde\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1971
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d156ec0",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1972
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f0e",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08k\\xa8\\x07+\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1973
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f37",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1974
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f8f",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "8\\x12\\xa6\\x07+\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9b6\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 1975
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d157048",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X@j\\x14\\xfc\\x7f\\x00\\x00\\xebPB\\x14\\xfc\\x7f\\x00\\x00U\\x9d\\x17\\xc4\\x8b\\x88\\x00\\x00(Nf\\x14\\xfc\\x7f\\x00\\x00\\x00\\xd7_\\x95P\\x00\\x00\\x00\\xf8\\xd6_\\x95P\\x00\\x00\\x00\\xc8\\xd6_\\x95P\\x00\\x00\\x00\\xe8\\xd6_\\x95"
              }
            ],
            "repeated": 0,
            "id": 1976
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d15707b",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x12\\xa6\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd9\\xd8C\\x14\\xfc\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xe8\\xd4_\\x95P\\x00\\x00\\x00\\xb0\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x001\\xed\\xfb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x86\\xa2f\\x14"
              }
            ],
            "repeated": 0,
            "id": 1977
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2c550e27",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 1978
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2c550e49",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              }
            ],
            "repeated": 1,
            "id": 1979
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12752",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a9e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1980
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2b4322bf",
            "parentcaller": "0x7ffc2b4afbe4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ae"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{79AB57F6-43FE-487B-8A7F-99567200AE94}"
              },
              {
                "name": "Handle",
                "value": "0x000004b2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{79AB57F6-43FE-487B-8A7F-99567200AE94}"
              }
            ],
            "repeated": 0,
            "id": 1981
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2b4afa51",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004b2"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000004ae"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{79ab57f6-43fe-487b-8a7f-99567200ae94}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 1982
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2b4afa8c",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ae"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{79ab57f6-43fe-487b-8a7f-99567200ae94}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1983
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2b4afad3",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ae"
              }
            ],
            "repeated": 0,
            "id": 1984
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2b4afae4",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b2"
              }
            ],
            "repeated": 0,
            "id": 1985
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1986
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1987
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d133f7a",
            "parentcaller": "0x7ffc2c550ed7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1988
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2c550cd1",
            "parentcaller": "0x7ffc2c54f28f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000004b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 1989
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2adc026b",
            "parentcaller": "0x7ffc2c550daf",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 1990
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d128cde",
            "parentcaller": "0x7ffc2d169c4e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\x96\\xe4\\x11\\x00\\x00\\x00\\x00\\x00\\xdb7\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00V\\xe4\\x11\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1991
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d156e46",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "(s\\xa9\\x07+\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00w\\x00s\\x00\\\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00M\\x00S\\x00A\\x00S\\x00N\\x001\\x00.\\x00d\\x00l\\x00l\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1992
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d156e9b",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": " *\\xa9\\x07+\\x02\\x00\\x00`\\x00\\x00\\x00\\xfc\\x7f\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\xfc\\x7f\\x00\\x00\\x90\\x11d+\\xfc\\x7f\\x00\\x00X\\x11d+\\xfc\\x7f\\x00\\x00\\xa04\\xa7\\x07+\\x02\\x00\\x00\\x10,\\xa5\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xdd~\\x1e\\xde\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1993
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d156ec0",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1994
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f0e",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18g\\xa8\\x07+\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1995
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f37",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1996
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f8f",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8*\\xa9\\x07+\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9b6\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 1997
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d157048",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X@j\\x14\\xfc\\x7f\\x00\\x00\\xebPB\\x14\\xfc\\x7f\\x00\\x00\\xb5\\x9b\\x17\\xc4\\x8b\\x88\\x00\\x00(Nf\\x14\\xfc\\x7f\\x00\\x00\\xe0\\xd0_\\x95P\\x00\\x00\\x00\\xd8\\xd0_\\x95P\\x00\\x00\\x00\\xa8\\xd0_\\x95P\\x00\\x00\\x00\\xc8\\xd0_\\x95"
              }
            ],
            "repeated": 0,
            "id": 1998
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d15707b",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0*\\xa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd9\\xd8C\\x14\\xfc\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xc8\\xce_\\x95P\\x00\\x00\\x00\\xac\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x001\\xed\\xfb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x86\\xa2f\\x14"
              }
            ],
            "repeated": 0,
            "id": 1999
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d128cde",
            "parentcaller": "0x7ffc2d12953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\x96\\xe4\\x11\\x00\\x00\\x00\\x00\\x00\\xdb7\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00V\\xe4\\x11\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2000
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d156e46",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88w\\xa9\\x07+\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2001
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d156e9b",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00)\\xa9\\x07+\\x02\\x00\\x00`\\x00\\x00\\x00\\xb9\\x07sX\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\xeb\\x1c\\xc9\\x11\\x9f\\xe8\\x08\\x00+\\x10H`\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2002
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d156ec0",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2003
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f0e",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "(l\\xa8\\x07+\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2004
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f37",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2005
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f8f",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8\"\\xa9\\x07+\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9b6\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 2006
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d157048",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X@j\\x14\\xfc\\x7f\\x00\\x00\\xebPB\\x14\\xfc\\x7f\\x00\\x00\\x15\\x97\\x17\\xc4\\x8b\\x88\\x00\\x00(Nf\\x14\\xfc\\x7f\\x00\\x00@\\xcd_\\x95P\\x00\\x00\\x008\\xcd_\\x95P\\x00\\x00\\x00\\x08\\xcd_\\x95P\\x00\\x00\\x00(\\xcd_\\x95"
              }
            ],
            "repeated": 0,
            "id": 2007
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d15707b",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0\"\\xa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd9\\xd8C\\x14\\xfc\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00(\\xcb_\\x95P\\x00\\x00\\x00\\xac\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x001\\xed\\xfb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x86\\xa2f\\x14"
              }
            ],
            "repeated": 0,
            "id": 2008
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2c550e27",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              }
            ],
            "repeated": 0,
            "id": 2009
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2c550e49",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 1,
            "id": 2010
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2b4322bf",
            "parentcaller": "0x7ffc2b4afbe4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ae"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{679C64B7-81AB-42C2-8819-C958767753F4}"
              },
              {
                "name": "Handle",
                "value": "0x000004ae"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{679C64B7-81AB-42C2-8819-C958767753F4}"
              }
            ],
            "repeated": 0,
            "id": 2011
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2b4afa51",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004ae"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000004b2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{679C64B7-81AB-42C2-8819-C958767753F4}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 2012
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2b4afa8c",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{679C64B7-81AB-42C2-8819-C958767753F4}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2013
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2b4afad3",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b2"
              }
            ],
            "repeated": 0,
            "id": 2014
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2b4afae4",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ae"
              }
            ],
            "repeated": 0,
            "id": 2015
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2016
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2017
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d133f7a",
            "parentcaller": "0x7ffc2c550ed7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2018
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2c550cd1",
            "parentcaller": "0x7ffc2c54f28f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 2019
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2adc026b",
            "parentcaller": "0x7ffc2c550daf",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004b0"
              }
            ],
            "repeated": 0,
            "id": 2020
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d128cde",
            "parentcaller": "0x7ffc2d169c4e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\x96\\xe4\\x11\\x00\\x00\\x00\\x00\\x00\\xdb7\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00V\\xe4\\x11\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2021
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d156e46",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "x\\x03\\xa6\\x07+\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x98\\x16\\xfc\\x7f\\x00\\x00\\xf0\\xecd+\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2022
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d156e9b",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "@%\\xa9\\x07+\\x02\\x00\\x00`\\x00\\x00\\x005\\x94\\xc1\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\xeb\\x1c\\xc9\\x11\\x9f\\xe8\\x08\\x00+\\x10H`\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x007\\x000\\x00\\x90+\\xa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2023
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d156ec0",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2024
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f0e",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18g\\xa8\\x07+\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2025
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f37",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2026
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f8f",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "X#\\xa9\\x07+\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9b6\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 2027
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d157048",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X@j\\x14\\xfc\\x7f\\x00\\x00\\xebPB\\x14\\xfc\\x7f\\x00\\x00\\xf5\\x81\\x17\\xc4\\x8b\\x88\\x00\\x00(Nf\\x14\\xfc\\x7f\\x00\\x00\\xa0\\xda_\\x95P\\x00\\x00\\x00\\x98\\xda_\\x95P\\x00\\x00\\x00h\\xda_\\x95P\\x00\\x00\\x00\\x88\\xda_\\x95"
              }
            ],
            "repeated": 0,
            "id": 2028
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d15707b",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P#\\xa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd9\\xd8C\\x14\\xfc\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x88\\xd8_\\x95P\\x00\\x00\\x00\\xb0\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x001\\xed\\xfb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x86\\xa2f\\x14"
              }
            ],
            "repeated": 0,
            "id": 2029
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d128cde",
            "parentcaller": "0x7ffc2d12953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\x96\\xe4\\x11\\x00\\x00\\x00\\x00\\x00\\xdb7\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00V\\xe4\\x11\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2030
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d156e46",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe8\\x0b\\xa6\\x07+\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xc3\\x98\\x16\\xfc\\x7f\\x00\\x00\\xf0\\xecd+\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2031
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d156e9b",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80$\\xa9\\x07+\\x02\\x00\\x00`\\x00\\x00\\x00\\xbf\\xbbf\\xe7\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\xeb\\x1c\\xc9\\x11\\x9f\\xe8\\x08\\x00+\\x10H`\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2032
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d156ec0",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2033
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f0e",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18j\\xa8\\x07+\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2034
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f37",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2035
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f8f",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8%\\xa9\\x07+\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9b6\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 2036
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d157048",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X@j\\x14\\xfc\\x7f\\x00\\x00\\xebPB\\x14\\xfc\\x7f\\x00\\x00U\\x9d\\x17\\xc4\\x8b\\x88\\x00\\x00(Nf\\x14\\xfc\\x7f\\x00\\x00\\x00\\xd7_\\x95P\\x00\\x00\\x00\\xf8\\xd6_\\x95P\\x00\\x00\\x00\\xc8\\xd6_\\x95P\\x00\\x00\\x00\\xe8\\xd6_\\x95"
              }
            ],
            "repeated": 0,
            "id": 2037
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2d15707b",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0%\\xa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd9\\xd8C\\x14\\xfc\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xe8\\xd4_\\x95P\\x00\\x00\\x00\\xb0\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x001\\xed\\xfb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x86\\xa2f\\x14"
              }
            ],
            "repeated": 0,
            "id": 2038
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2c550e27",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 2039
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12792",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2c550e49",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              }
            ],
            "repeated": 0,
            "id": 2040
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc236668cd",
            "parentcaller": "0x7ffc23664292",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\SecurityManager\\CapAuthz"
              },
              {
                "name": "Handle",
                "value": "0x000004dc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SecurityManager\\CapAuthz"
              }
            ],
            "repeated": 0,
            "id": 2041
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23666915",
            "parentcaller": "0x7ffc23664292",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\SecurityManager\\CapAuthz\\HasRepaired"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0000000e",
                "pretty_value": "KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS"
              },
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SecurityManager\\CapAuthz\\HasRepaired"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 2042
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12756",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2b4a2ec5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a0"
              }
            ],
            "repeated": 0,
            "id": 2043
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2366695a",
            "parentcaller": "0x7ffc23664292",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": false,
            "return": "0x000003fd",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\SecurityManager\\CapAuthz\\HasRepaired\\VolatileChildTest"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x00000002",
                "pretty_value": "KEY_SET_VALUE"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SecurityManager\\CapAuthz\\HasRepaired\\VolatileChildTest"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 2044
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23666b50",
            "parentcaller": "0x7ffc23664292",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 2045
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23666b7a",
            "parentcaller": "0x7ffc23664292",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 2046
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23666ec9",
            "parentcaller": "0x7ffc2366b441",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\SecurityManager\\CapDBRedirect"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SecurityManager\\CapDBRedirect"
              }
            ],
            "repeated": 0,
            "id": 2047
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2366b576",
            "parentcaller": "0x7ffc236642f2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\SecurityManager\\CapAuthz\\ApplicationsEx\\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SecurityManager\\CapAuthz\\ApplicationsEx\\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 2048
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc23668f48",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "AppPackageType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\CapAuthz\\ApplicationsEx\\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\\AppPackageType"
              }
            ],
            "repeated": 0,
            "id": 2049
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc23668fc0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "AppPackageType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\CapAuthz\\ApplicationsEx\\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\\AppPackageType"
              }
            ],
            "repeated": 0,
            "id": 2050
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc23668f48",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "PackageSid"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\CapAuthz\\ApplicationsEx\\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\\PackageSid"
              }
            ],
            "repeated": 0,
            "id": 2051
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc23668fc0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "PackageSid"
              },
              {
                "name": "Data",
                "value": "S-1-15-2-543634040-274359014-2226501544-3561766748-3991453649-3543631192-522786984"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\CapAuthz\\ApplicationsEx\\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\\PackageSid"
              }
            ],
            "repeated": 0,
            "id": 2052
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc23668f48",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "CapSids"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\CapAuthz\\ApplicationsEx\\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\\CapSids"
              }
            ],
            "repeated": 0,
            "id": 2053
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc23668fc0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "CapSids"
              },
              {
                "name": "Data",
                "value": "\\x03\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x93MhQ\\x18=\\xc3\\xa6(\\x927f\\xc7\\xb1\\xfd\\x1eb\\x11\\xb0\\x8dT\\xad@A8\\xb7l\\xebv\\xc0V\\xd6\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xdc\\xdc\\xc7+\\x1b\\x84\\xfb\\x17\\x8c\\xfd\\xd5\\x99\\x9fj\\xa1T\\xc3\t\\x1a\\xfbT\\xa8\\x98\\xa2\\x98\\xef\\x9b\r\\xe1=\\xaa!\\x01\\x08\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00x2g \\xe6bZ\\x10\\xa8\\xb7\\xb5\\x84\\?L\\xd4\\xd1\\xbf\\xe8\\xedX\\x857\\xd3\\xa8\\x18)\\x1f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\CapAuthz\\ApplicationsEx\\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\\CapSids"
              }
            ],
            "repeated": 0,
            "id": 2054
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc23668f48",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "ApplicationFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\CapAuthz\\ApplicationsEx\\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\\ApplicationFlags"
              }
            ],
            "repeated": 0,
            "id": 2055
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc23668fc0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "ApplicationFlags"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\CapAuthz\\ApplicationsEx\\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\\ApplicationFlags"
              }
            ],
            "repeated": 0,
            "id": 2056
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2366bca8",
            "parentcaller": "0x7ffc236642f2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x80000002"
              }
            ],
            "repeated": 0,
            "id": 2057
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2366bcde",
            "parentcaller": "0x7ffc236642f2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 2058
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2adc026b",
            "parentcaller": "0x7ffc19839bfa",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 2059
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc19839c3b",
            "parentcaller": "0x7ffc1985d3e7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xf5\\xef\\x94P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xf6\\xef\\x94P\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2060
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc19839cb3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 2061
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07b17000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2062
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b971e2",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps"
              },
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps"
              }
            ],
            "repeated": 0,
            "id": 2063
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b9723c",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "PolicyType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\PolicyType"
              }
            ],
            "repeated": 0,
            "id": 2064
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b972a8",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "Behavior"
              },
              {
                "name": "Data",
                "value": "139296"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\Behavior"
              }
            ],
            "repeated": 0,
            "id": 2065
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b9732c",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "MergeAlgorithm"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\MergeAlgorithm"
              }
            ],
            "repeated": 0,
            "id": 2066
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b9739f",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "RegKeyPathRedirectMapped"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\RegKeyPathRedirectMapped"
              }
            ],
            "repeated": 0,
            "id": 2067
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b97402",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "RegKeyPathRedirect"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\RegKeyPathRedirect"
              }
            ],
            "repeated": 0,
            "id": 2068
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b9755e",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "grouppolicyname"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\grouppolicyname"
              }
            ],
            "repeated": 0,
            "id": 2069
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b975df",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "grouppolicyname"
              },
              {
                "name": "Data",
                "value": "LetAppsRunInBackground_UserInControlOfTheseApps"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\grouppolicyname"
              }
            ],
            "repeated": 0,
            "id": 2070
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b97647",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "grouppolicypath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\grouppolicypath"
              }
            ],
            "repeated": 0,
            "id": 2071
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b9776a",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "grouppolicypath"
              },
              {
                "name": "Data",
                "value": "Software\\Policies\\Microsoft\\Windows\\AppPrivacy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\grouppolicypath"
              }
            ],
            "repeated": 0,
            "id": 2072
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b977f6",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "grouppolicyismultisz"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\grouppolicyismultisz"
              }
            ],
            "repeated": 0,
            "id": 2073
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b97836",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "grouppolicymultiszSeparatorChar"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\grouppolicymultiszSeparatorChar"
              }
            ],
            "repeated": 0,
            "id": 2074
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b978f6",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\ADMXMetadataUser"
              }
            ],
            "repeated": 0,
            "id": 2075
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b979b1",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataDevice"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\ADMXMetadataDevice"
              }
            ],
            "repeated": 0,
            "id": 2076
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b97a6c",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataBoth"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\ADMXMetadataBoth"
              }
            ],
            "repeated": 0,
            "id": 2077
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc23b9db1b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "30Value"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\30Value"
              }
            ],
            "repeated": 0,
            "id": 2078
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b97ca8",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "Value"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\Value"
              }
            ],
            "repeated": 0,
            "id": 2079
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b976a9",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              }
            ],
            "repeated": 0,
            "id": 2080
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b95c61",
            "parentcaller": "0x7ffc23b95ac0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Policies\\Microsoft\\Windows\\AppPrivacy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy"
              }
            ],
            "repeated": 0,
            "id": 2081
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b95d7c",
            "parentcaller": "0x7ffc23b95ac0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\PolicyManager\\current\\Device\\Privacy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PolicyManager\\current\\Device\\Privacy"
              }
            ],
            "repeated": 0,
            "id": 2082
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b971e2",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps"
              },
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps"
              }
            ],
            "repeated": 0,
            "id": 2083
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b9723c",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "PolicyType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\PolicyType"
              }
            ],
            "repeated": 0,
            "id": 2084
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b972a8",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "Behavior"
              },
              {
                "name": "Data",
                "value": "139296"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\Behavior"
              }
            ],
            "repeated": 0,
            "id": 2085
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b9732c",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "MergeAlgorithm"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\MergeAlgorithm"
              }
            ],
            "repeated": 0,
            "id": 2086
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b9739f",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "RegKeyPathRedirectMapped"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\RegKeyPathRedirectMapped"
              }
            ],
            "repeated": 0,
            "id": 2087
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b97402",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "RegKeyPathRedirect"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\RegKeyPathRedirect"
              }
            ],
            "repeated": 0,
            "id": 2088
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b9755e",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "grouppolicyname"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\grouppolicyname"
              }
            ],
            "repeated": 0,
            "id": 2089
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b975df",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "grouppolicyname"
              },
              {
                "name": "Data",
                "value": "LetAppsRunInBackground_ForceAllowTheseApps"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\grouppolicyname"
              }
            ],
            "repeated": 0,
            "id": 2090
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b97647",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "grouppolicypath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\grouppolicypath"
              }
            ],
            "repeated": 0,
            "id": 2091
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b9776a",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "grouppolicypath"
              },
              {
                "name": "Data",
                "value": "Software\\Policies\\Microsoft\\Windows\\AppPrivacy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\grouppolicypath"
              }
            ],
            "repeated": 0,
            "id": 2092
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b977f6",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "grouppolicyismultisz"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\grouppolicyismultisz"
              }
            ],
            "repeated": 0,
            "id": 2093
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b97836",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "grouppolicymultiszSeparatorChar"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\grouppolicymultiszSeparatorChar"
              }
            ],
            "repeated": 0,
            "id": 2094
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b978f6",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\ADMXMetadataUser"
              }
            ],
            "repeated": 0,
            "id": 2095
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b979b1",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataDevice"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\ADMXMetadataDevice"
              }
            ],
            "repeated": 0,
            "id": 2096
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b97a6c",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataBoth"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\ADMXMetadataBoth"
              }
            ],
            "repeated": 0,
            "id": 2097
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc23b9db1b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "30Value"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\30Value"
              }
            ],
            "repeated": 0,
            "id": 2098
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b97ca8",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "Value"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\Value"
              }
            ],
            "repeated": 0,
            "id": 2099
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b976a9",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              }
            ],
            "repeated": 0,
            "id": 2100
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b95c61",
            "parentcaller": "0x7ffc23b95ac0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Policies\\Microsoft\\Windows\\AppPrivacy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy"
              }
            ],
            "repeated": 0,
            "id": 2101
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b95d7c",
            "parentcaller": "0x7ffc23b95ac0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\PolicyManager\\current\\Device\\Privacy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PolicyManager\\current\\Device\\Privacy"
              }
            ],
            "repeated": 0,
            "id": 2102
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b971e2",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps"
              },
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps"
              }
            ],
            "repeated": 0,
            "id": 2103
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b9723c",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "PolicyType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\PolicyType"
              }
            ],
            "repeated": 0,
            "id": 2104
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b972a8",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "Behavior"
              },
              {
                "name": "Data",
                "value": "139296"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\Behavior"
              }
            ],
            "repeated": 0,
            "id": 2105
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b9732c",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "MergeAlgorithm"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\MergeAlgorithm"
              }
            ],
            "repeated": 0,
            "id": 2106
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b9739f",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "RegKeyPathRedirectMapped"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\RegKeyPathRedirectMapped"
              }
            ],
            "repeated": 0,
            "id": 2107
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b97402",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "RegKeyPathRedirect"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\RegKeyPathRedirect"
              }
            ],
            "repeated": 0,
            "id": 2108
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b9755e",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "grouppolicyname"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\grouppolicyname"
              }
            ],
            "repeated": 0,
            "id": 2109
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b975df",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "grouppolicyname"
              },
              {
                "name": "Data",
                "value": "LetAppsRunInBackground_ForceDenyTheseApps"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\grouppolicyname"
              }
            ],
            "repeated": 0,
            "id": 2110
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b97647",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "grouppolicypath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\grouppolicypath"
              }
            ],
            "repeated": 0,
            "id": 2111
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b9776a",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "grouppolicypath"
              },
              {
                "name": "Data",
                "value": "Software\\Policies\\Microsoft\\Windows\\AppPrivacy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\grouppolicypath"
              }
            ],
            "repeated": 0,
            "id": 2112
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b977f6",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "grouppolicyismultisz"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\grouppolicyismultisz"
              }
            ],
            "repeated": 0,
            "id": 2113
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b97836",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "grouppolicymultiszSeparatorChar"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\grouppolicymultiszSeparatorChar"
              }
            ],
            "repeated": 0,
            "id": 2114
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b978f6",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\ADMXMetadataUser"
              }
            ],
            "repeated": 0,
            "id": 2115
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b979b1",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataDevice"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\ADMXMetadataDevice"
              }
            ],
            "repeated": 0,
            "id": 2116
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b97a6c",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataBoth"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\ADMXMetadataBoth"
              }
            ],
            "repeated": 0,
            "id": 2117
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc23b9db1b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "30Value"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\30Value"
              }
            ],
            "repeated": 0,
            "id": 2118
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b97ca8",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "Value"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\Value"
              }
            ],
            "repeated": 0,
            "id": 2119
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b976a9",
            "parentcaller": "0x7ffc23b95a59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              }
            ],
            "repeated": 0,
            "id": 2120
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b95c61",
            "parentcaller": "0x7ffc23b95ac0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Policies\\Microsoft\\Windows\\AppPrivacy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy"
              }
            ],
            "repeated": 0,
            "id": 2121
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b95d7c",
            "parentcaller": "0x7ffc23b95ac0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\PolicyManager\\current\\Device\\Privacy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PolicyManager\\current\\Device\\Privacy"
              }
            ],
            "repeated": 0,
            "id": 2122
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b971e2",
            "parentcaller": "0x7ffc23b96abb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground"
              },
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground"
              }
            ],
            "repeated": 0,
            "id": 2123
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b9723c",
            "parentcaller": "0x7ffc23b96abb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "PolicyType"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\PolicyType"
              }
            ],
            "repeated": 0,
            "id": 2124
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b972a8",
            "parentcaller": "0x7ffc23b96abb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "Behavior"
              },
              {
                "name": "Data",
                "value": "139296"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\Behavior"
              }
            ],
            "repeated": 0,
            "id": 2125
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b9732c",
            "parentcaller": "0x7ffc23b96abb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "MergeAlgorithm"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\MergeAlgorithm"
              }
            ],
            "repeated": 0,
            "id": 2126
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b9739f",
            "parentcaller": "0x7ffc23b96abb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "RegKeyPathRedirectMapped"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\RegKeyPathRedirectMapped"
              }
            ],
            "repeated": 0,
            "id": 2127
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b97402",
            "parentcaller": "0x7ffc23b96abb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "RegKeyPathRedirect"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\RegKeyPathRedirect"
              }
            ],
            "repeated": 0,
            "id": 2128
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b9755e",
            "parentcaller": "0x7ffc23b96abb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "grouppolicyname"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\grouppolicyname"
              }
            ],
            "repeated": 0,
            "id": 2129
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b975df",
            "parentcaller": "0x7ffc23b96abb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "grouppolicyname"
              },
              {
                "name": "Data",
                "value": "LetAppsRunInBackground"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\grouppolicyname"
              }
            ],
            "repeated": 0,
            "id": 2130
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b97647",
            "parentcaller": "0x7ffc23b96abb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "grouppolicypath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\grouppolicypath"
              }
            ],
            "repeated": 0,
            "id": 2131
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b9776a",
            "parentcaller": "0x7ffc23b96abb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "grouppolicypath"
              },
              {
                "name": "Data",
                "value": "Software\\Policies\\Microsoft\\Windows\\AppPrivacy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\grouppolicypath"
              }
            ],
            "repeated": 0,
            "id": 2132
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b977f6",
            "parentcaller": "0x7ffc23b96abb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "grouppolicyismultisz"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\grouppolicyismultisz"
              }
            ],
            "repeated": 0,
            "id": 2133
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b97836",
            "parentcaller": "0x7ffc23b96abb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "grouppolicymultiszSeparatorChar"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\grouppolicymultiszSeparatorChar"
              }
            ],
            "repeated": 0,
            "id": 2134
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b978f6",
            "parentcaller": "0x7ffc23b96abb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\ADMXMetadataUser"
              }
            ],
            "repeated": 0,
            "id": 2135
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b979b1",
            "parentcaller": "0x7ffc23b96abb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataDevice"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\ADMXMetadataDevice"
              }
            ],
            "repeated": 0,
            "id": 2136
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b97a6c",
            "parentcaller": "0x7ffc23b96abb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataBoth"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\ADMXMetadataBoth"
              }
            ],
            "repeated": 0,
            "id": 2137
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc23b9db1b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "30Value"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\30Value"
              }
            ],
            "repeated": 0,
            "id": 2138
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b97b73",
            "parentcaller": "0x7ffc23b96abb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "Value"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\Value"
              }
            ],
            "repeated": 0,
            "id": 2139
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b976a9",
            "parentcaller": "0x7ffc23b96abb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              }
            ],
            "repeated": 0,
            "id": 2140
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b96e85",
            "parentcaller": "0x7ffc23b96097",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Policies\\Microsoft\\Windows\\AppPrivacy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy"
              }
            ],
            "repeated": 0,
            "id": 2141
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23b96d68",
            "parentcaller": "0x7ffc23b96097",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\PolicyManager\\current\\Device\\Privacy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PolicyManager\\current\\Device\\Privacy"
              }
            ],
            "repeated": 0,
            "id": 2142
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc23666ec9",
            "parentcaller": "0x7ffc2366b441",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\SecurityManager\\CapDBRedirect"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SecurityManager\\CapDBRedirect"
              }
            ],
            "repeated": 0,
            "id": 2143
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2366b576",
            "parentcaller": "0x7ffc236642f2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\SecurityManager\\CapAuthz\\ApplicationsEx\\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe"
              },
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SecurityManager\\CapAuthz\\ApplicationsEx\\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe"
              }
            ],
            "repeated": 0,
            "id": 2144
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc23668f48",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "AppPackageType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\CapAuthz\\ApplicationsEx\\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\\AppPackageType"
              }
            ],
            "repeated": 0,
            "id": 2145
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc23668fc0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "AppPackageType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\CapAuthz\\ApplicationsEx\\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\\AppPackageType"
              }
            ],
            "repeated": 0,
            "id": 2146
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc23668f48",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "PackageSid"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\CapAuthz\\ApplicationsEx\\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\\PackageSid"
              }
            ],
            "repeated": 0,
            "id": 2147
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc23668fc0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "PackageSid"
              },
              {
                "name": "Data",
                "value": "S-1-15-2-543634040-274359014-2226501544-3561766748-3991453649-3543631192-522786984"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\CapAuthz\\ApplicationsEx\\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\\PackageSid"
              }
            ],
            "repeated": 0,
            "id": 2148
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc23668f48",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "CapSids"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\CapAuthz\\ApplicationsEx\\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\\CapSids"
              }
            ],
            "repeated": 0,
            "id": 2149
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc23668fc0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "CapSids"
              },
              {
                "name": "Data",
                "value": "\\x03\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x93MhQ\\x18=\\xc3\\xa6(\\x927f\\xc7\\xb1\\xfd\\x1eb\\x11\\xb0\\x8dT\\xad@A8\\xb7l\\xebv\\xc0V\\xd6\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xdc\\xdc\\xc7+\\x1b\\x84\\xfb\\x17\\x8c\\xfd\\xd5\\x99\\x9fj\\xa1T\\xc3\t\\x1a\\xfbT\\xa8\\x98\\xa2\\x98\\xef\\x9b\r\\xe1=\\xaa!\\x01\\x08\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00x2g \\xe6bZ\\x10\\xa8\\xb7\\xb5\\x84\\?L\\xd4\\xd1\\xbf\\xe8\\xedX\\x857\\xd3\\xa8\\x18)\\x1f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\CapAuthz\\ApplicationsEx\\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\\CapSids"
              }
            ],
            "repeated": 0,
            "id": 2150
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc23668f48",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "ApplicationFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\CapAuthz\\ApplicationsEx\\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\\ApplicationFlags"
              }
            ],
            "repeated": 0,
            "id": 2151
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc23668fc0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "ApplicationFlags"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\CapAuthz\\ApplicationsEx\\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\\ApplicationFlags"
              }
            ],
            "repeated": 0,
            "id": 2152
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2366bca8",
            "parentcaller": "0x7ffc236642f2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x80000002"
              }
            ],
            "repeated": 0,
            "id": 2153
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2366bcde",
            "parentcaller": "0x7ffc236642f2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              }
            ],
            "repeated": 0,
            "id": 2154
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2ad626e8",
            "parentcaller": "0x7ffc2ad6132e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xf2\\xef\\x94P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00g\\xe6\tj\\x01\\x00\\x00\\x00r\\xf3n<:\\xf5O\\xa5\\x7fR\\x0eQ"
              }
            ],
            "repeated": 0,
            "id": 2155
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc2ad8df8a",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2d0f0000"
              }
            ],
            "repeated": 0,
            "id": 2156
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc2ad8df8a",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc2d0f0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "ntdll.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 2157
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc2ad8dfa1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlIsStateSeparationEnabled"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d168560"
              }
            ],
            "repeated": 0,
            "id": 2158
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2ad83a9c",
            "parentcaller": "0x7ffc2ad83529",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2159
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2ad83f76",
            "parentcaller": "0x7ffc2ae046a3",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000114"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\MACHINE"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE"
              }
            ],
            "repeated": 0,
            "id": 2160
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2ad83b20",
            "parentcaller": "0x7ffc2ad83529",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2161
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad83f4b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000114"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2162
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2ad83f76",
            "parentcaller": "0x7ffc2ae04fd4",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000114"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Appx"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Appx"
              }
            ],
            "repeated": 0,
            "id": 2163
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2ad8db13",
            "parentcaller": "0x7ffc2ad8da55",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "PackageRepositoryRoot"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot"
              }
            ],
            "repeated": 0,
            "id": 2164
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2ad8db13",
            "parentcaller": "0x7ffc2ad8da55",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "PackageRepositoryRoot"
              },
              {
                "name": "Data",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot"
              }
            ],
            "repeated": 0,
            "id": 2165
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2ad8d70a",
            "parentcaller": "0x7ffc2ad68db6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 2166
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2ad83a9c",
            "parentcaller": "0x7ffc2ad83529",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2167
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad83f4b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000114"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2168
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2ad83f76",
            "parentcaller": "0x7ffc2ae04fd4",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000114"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Appx"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Appx"
              }
            ],
            "repeated": 0,
            "id": 2169
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2ad8db13",
            "parentcaller": "0x7ffc2ad8da55",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "PackageRepositoryRoot"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot"
              }
            ],
            "repeated": 0,
            "id": 2170
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2ad8db13",
            "parentcaller": "0x7ffc2ad8da55",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "PackageRepositoryRoot"
              },
              {
                "name": "Data",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot"
              }
            ],
            "repeated": 0,
            "id": 2171
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2ad8d70a",
            "parentcaller": "0x7ffc2ad68db6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 2172
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07a9f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2173
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12756",
            "caller": "0x7ffc2ad808ee",
            "parentcaller": "0x7ffc2b4c8bd7",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "12320"
              }
            ],
            "repeated": 0,
            "id": 2174
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12756",
            "caller": "0x7ffc2adc026b",
            "parentcaller": "0x7ffc2ad8cbb0",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 2175
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12756",
            "caller": "0x7ffc2ad8aa1f",
            "parentcaller": "0x7ffc2ad8cb7c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2176
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12756",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07aa0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2177
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\\S-1-5-21-3968686040-3210279463-847977608-1001.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2178
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12756",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2179
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12756",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2180
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12756",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2181
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12756",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2182
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12756",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07aa3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2183
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2ad63d26",
            "parentcaller": "0x7ffc2ad63354",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004",
                "pretty_value": "SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\\S-1-5-21-3968686040-3210279463-847977608-1001.pckgdep"
              }
            ],
            "repeated": 0,
            "id": 2184
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2ad63d37",
            "parentcaller": "0x7ffc2ad63354",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 2185
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2ad63d8e",
            "parentcaller": "0x7ffc2ad63354",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b10640000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2186
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2ad63395",
            "parentcaller": "0x7ffc2ad63f0a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b10640000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 2187
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2ad6341d",
            "parentcaller": "0x7ffc2ad63f0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 2188
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2adbebae",
            "parentcaller": "0x7ffc2b16712f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xfe\\x93P\\x00\\x00\\x00 0\\x00\\x00\\x00\\x00\\x00\\x00\\xac1\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "12716"
              }
            ],
            "repeated": 0,
            "id": 2189
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2d137830",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b1f7000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2190
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12716",
            "caller": "0x7ffc2d137881",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b1f7000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2191
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12756",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2192
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12756",
            "caller": "0x7ffc2b4322bf",
            "parentcaller": "0x7ffc2b4afbe4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ae"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{F655B052-348B-4AB0-947B-A7DAFA44D404}"
              },
              {
                "name": "Handle",
                "value": "0x000004de"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{F655B052-348B-4AB0-947B-A7DAFA44D404}"
              }
            ],
            "repeated": 0,
            "id": 2193
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12756",
            "caller": "0x7ffc2b4afa51",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004de"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000004ea"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{F655B052-348B-4AB0-947B-A7DAFA44D404}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 2194
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12756",
            "caller": "0x7ffc2b4afa8c",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ea"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{F655B052-348B-4AB0-947B-A7DAFA44D404}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2195
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12756",
            "caller": "0x7ffc2b4afad3",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ea"
              }
            ],
            "repeated": 0,
            "id": 2196
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12756",
            "caller": "0x7ffc2b4afae4",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004de"
              }
            ],
            "repeated": 0,
            "id": 2197
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12756",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2198
          },
          {
            "timestamp": "2026-05-28 21:41:47,363",
            "thread_id": "12756",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2199
          },
          {
            "timestamp": "2026-05-28 21:41:47,379",
            "thread_id": "12756",
            "caller": "0x7ffc2b4322bf",
            "parentcaller": "0x7ffc2b4afbe4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ae"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{58058629-16A1-438A-90C8-7E954B3734B1}"
              },
              {
                "name": "Handle",
                "value": "0x000004a2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{58058629-16A1-438A-90C8-7E954B3734B1}"
              }
            ],
            "repeated": 0,
            "id": 2200
          },
          {
            "timestamp": "2026-05-28 21:41:47,379",
            "thread_id": "12756",
            "caller": "0x7ffc2b4afa51",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004a2"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000004e2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{58058629-16A1-438A-90C8-7E954B3734B1}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 2201
          },
          {
            "timestamp": "2026-05-28 21:41:47,379",
            "thread_id": "12756",
            "caller": "0x7ffc2b4afa8c",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{58058629-16A1-438A-90C8-7E954B3734B1}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2202
          },
          {
            "timestamp": "2026-05-28 21:41:47,379",
            "thread_id": "12756",
            "caller": "0x7ffc2b4afad3",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e2"
              }
            ],
            "repeated": 0,
            "id": 2203
          },
          {
            "timestamp": "2026-05-28 21:41:47,379",
            "thread_id": "12756",
            "caller": "0x7ffc2b4afae4",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a2"
              }
            ],
            "repeated": 0,
            "id": 2204
          },
          {
            "timestamp": "2026-05-28 21:41:47,379",
            "thread_id": "12756",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2205
          },
          {
            "timestamp": "2026-05-28 21:41:47,379",
            "thread_id": "12756",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2206
          },
          {
            "timestamp": "2026-05-28 21:41:47,379",
            "thread_id": "12756",
            "caller": "0x7ffc2b4322bf",
            "parentcaller": "0x7ffc2b4afbe4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ae"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{23EB7394-4610-4807-BAEC-9A72F86FFA0B}"
              },
              {
                "name": "Handle",
                "value": "0x000004a2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{23EB7394-4610-4807-BAEC-9A72F86FFA0B}"
              }
            ],
            "repeated": 0,
            "id": 2207
          },
          {
            "timestamp": "2026-05-28 21:41:47,379",
            "thread_id": "12756",
            "caller": "0x7ffc2b4afa51",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004a2"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000004e2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{23EB7394-4610-4807-BAEC-9A72F86FFA0B}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 2208
          },
          {
            "timestamp": "2026-05-28 21:41:47,379",
            "thread_id": "12756",
            "caller": "0x7ffc2b4afa8c",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{23EB7394-4610-4807-BAEC-9A72F86FFA0B}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2209
          },
          {
            "timestamp": "2026-05-28 21:41:47,379",
            "thread_id": "12756",
            "caller": "0x7ffc2b4afad3",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e2"
              }
            ],
            "repeated": 0,
            "id": 2210
          },
          {
            "timestamp": "2026-05-28 21:41:47,379",
            "thread_id": "12756",
            "caller": "0x7ffc2b4afae4",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a2"
              }
            ],
            "repeated": 0,
            "id": 2211
          },
          {
            "timestamp": "2026-05-28 21:41:47,379",
            "thread_id": "12756",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2212
          },
          {
            "timestamp": "2026-05-28 21:41:47,379",
            "thread_id": "12756",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2213
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12756",
            "caller": "0x7ffc2b4322bf",
            "parentcaller": "0x7ffc2b4afbe4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ae"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{2A1821FE-179D-49BC-B79D-A527920D3665}"
              },
              {
                "name": "Handle",
                "value": "0x000004de"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{2A1821FE-179D-49BC-B79D-A527920D3665}"
              }
            ],
            "repeated": 0,
            "id": 2214
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12756",
            "caller": "0x7ffc2b4afa51",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004de"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000004ea"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{2A1821FE-179D-49BC-B79D-A527920D3665}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 2215
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12756",
            "caller": "0x7ffc2b4afa8c",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ea"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{2A1821FE-179D-49BC-B79D-A527920D3665}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2216
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12756",
            "caller": "0x7ffc2b4afad3",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ea"
              }
            ],
            "repeated": 0,
            "id": 2217
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12756",
            "caller": "0x7ffc2b4afae4",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004de"
              }
            ],
            "repeated": 0,
            "id": 2218
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12756",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2219
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12756",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2220
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12756",
            "caller": "0x7ffc2d133f7a",
            "parentcaller": "0x7ffc2c550ed7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2221
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12756",
            "caller": "0x7ffc2c550cd1",
            "parentcaller": "0x7ffc2c54f28f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 2222
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12756",
            "caller": "0x7ffc2adc026b",
            "parentcaller": "0x7ffc2c550daf",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 2223
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12756",
            "caller": "0x7ffc2d128cde",
            "parentcaller": "0x7ffc2d169c4e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\x96\\xe4\\x11\\x00\\x00\\x00\\x00\\x00\\xdb7\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00V\\xe4\\x11\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2224
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12756",
            "caller": "0x7ffc2d156e46",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88w\\xa9\\x07+\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2225
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12756",
            "caller": "0x7ffc2d156e9b",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "@%\\xa9\\x07+\\x02\\x00\\x00`\\x00\\x00\\x00\\x94{\\xa7\\xda\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\xeb\\x1c\\xc9\\x11\\x9f\\xe8\\x08\\x00+\\x10H`\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2226
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12756",
            "caller": "0x7ffc2d156ec0",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2227
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12756",
            "caller": "0x7ffc2d156f0e",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "Ha\\xa8\\x07+\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2228
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12756",
            "caller": "0x7ffc2d156f37",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2229
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12756",
            "caller": "0x7ffc2d156f8f",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8\\x18\\xa6\\x07+\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9b6\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 2230
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12756",
            "caller": "0x7ffc2d157048",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X@j\\x14\\xfc\\x7f\\x00\\x00\\xebPB\\x14\\xfc\\x7f\\x00\\x00U\\x94w\\xc4\\x8b\\x88\\x00\\x00(Nf\\x14\\xfc\\x7f\\x00\\x00\\x00\\xd0?\\x95P\\x00\\x00\\x00\\xf8\\xcf?\\x95P\\x00\\x00\\x00\\xc8\\xcf?\\x95P\\x00\\x00\\x00\\xe8\\xcf?\\x95"
              }
            ],
            "repeated": 0,
            "id": 2231
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12756",
            "caller": "0x7ffc2d15707b",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0\\x18\\xa6\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd9\\xd8C\\x14\\xfc\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xe8\\xcd?\\x95P\\x00\\x00\\x00\\xe8\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x001\\xed\\xfb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x86\\xa2f\\x14"
              }
            ],
            "repeated": 0,
            "id": 2232
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12756",
            "caller": "0x7ffc2d128cde",
            "parentcaller": "0x7ffc2d12953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\x96\\xe4\\x11\\x00\\x00\\x00\\x00\\x00\\xdb7\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00V\\xe4\\x11\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2233
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12756",
            "caller": "0x7ffc2d156e46",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18t\\xa9\\x07+\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2234
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12756",
            "caller": "0x7ffc2d156e9b",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\x11\\xa6\\x07+\\x02\\x00\\x00`\\x00\\x00\\x00o\\x00f\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00o\\x00s\\x00o\\x00f\\x00t\\x00E\\x00d\\x00g\\x00e\\x00.\\x00S\\x00t\\x00a\\x00b\\x00l\\x00e\\x00_\\x008\\x00w\\x00e\\x00k\\x00y\\x00b\\x003\\x00d\\x008\\x00b\\x00b\\x00"
              }
            ],
            "repeated": 0,
            "id": 2235
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12756",
            "caller": "0x7ffc2d156ec0",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2236
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12756",
            "caller": "0x7ffc2d156f0e",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "8k\\xa8\\x07+\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2237
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12756",
            "caller": "0x7ffc2d156f37",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2238
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12756",
            "caller": "0x7ffc2d156f8f",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "X\\x16\\xa6\\x07+\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9b6\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 2239
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12756",
            "caller": "0x7ffc2d157048",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X@j\\x14\\xfc\\x7f\\x00\\x00\\xebPB\\x14\\xfc\\x7f\\x00\\x005\\x90w\\xc4\\x8b\\x88\\x00\\x00(Nf\\x14\\xfc\\x7f\\x00\\x00`\\xcc?\\x95P\\x00\\x00\\x00X\\xcc?\\x95P\\x00\\x00\\x00(\\xcc?\\x95P\\x00\\x00\\x00H\\xcc?\\x95"
              }
            ],
            "repeated": 0,
            "id": 2240
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12756",
            "caller": "0x7ffc2d15707b",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x16\\xa6\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd9\\xd8C\\x14\\xfc\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00H\\xca?\\x95P\\x00\\x00\\x00\\xe8\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x001\\xed\\xfb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x86\\xa2f\\x14"
              }
            ],
            "repeated": 0,
            "id": 2241
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12756",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2c550e27",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 2242
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12756",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2c550e49",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 1,
            "id": 2243
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00p\\x00\\x00\\x00\\xc1\\x08} \\x00\\x00\\x00\\x00\\x18\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x19\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00/\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00}\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "112"
              }
            ],
            "repeated": 0,
            "id": 2244
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-downlevel-shell32-l1-1-0.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b150000"
              }
            ],
            "repeated": 0,
            "id": 2245
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc2b150000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-downlevel-shell32-l1-1-0.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 2246
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12756",
            "caller": "0x7ffc168bb596",
            "parentcaller": "0x7ffc2d1338c0",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000034B-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "0000015B-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2247
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12756",
            "caller": "0x7ffc2ad808ee",
            "parentcaller": "0x7ffc168bb5d6",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "12320"
              }
            ],
            "repeated": 0,
            "id": 2248
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2b150000"
              },
              {
                "name": "FunctionName",
                "value": "CommandLineToArgvW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2b16eb30"
              }
            ],
            "repeated": 0,
            "id": 2249
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12756",
            "caller": "0x7ffc2ad854eb",
            "parentcaller": "0x7ffc168bb625",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2250
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12756",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc168bb635",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 2251
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12756",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc168bb644",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a0"
              }
            ],
            "repeated": 0,
            "id": 2252
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12756",
            "caller": "0x7ffc2adbebae",
            "parentcaller": "0x7ffc2b165b05",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\x93P\\x00\\x00\\x00 0\\x00\\x00\\x00\\x00\\x00\\x00\\xd41\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "12756"
              }
            ],
            "repeated": 0,
            "id": 2253
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000388"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.ApplicationModel.LimitedAccessFeatures"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.LimitedAccessFeatures"
              }
            ],
            "repeated": 0,
            "id": 2254
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12756",
            "caller": "0x7ffc2d137881",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1699a000"
              },
              {
                "name": "ModuleName",
                "value": "wpnapps.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2255
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e8"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xfffc\\xffe7\\xffe6\\xfff8\\xffee\\xffdc\\x01\\x00\\x00\\x00\\x00\\\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00A\\x00p\\x00p\\x00l\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00M\\x00o\\x00d\\x00e\\x00l\\x00.\\x00L\\x00i\\x00m\\x00i\\x00t\\x00e\\x00d\\x00A\\x00c\\x00c\\x00e\\x00s\\x00s\\x00F\\x00e\\x00a\\x00t\\x00u\\x00r\\x00e\\x00s\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0Ep+\\xfffc\\x7f\\x00\\x00\\xfff8\\xffd0\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xffc5\\xffd9\\xff93P\\x00\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00P\\xffd8\\xffa8\\x07+\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00O\\x08:\\xffe3\\x11\\xffbc\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xff97\\xffa9\\x07+\\x02\\x00\\x00\\xfff8\\xffd0\\xffa8\\x07+\\x02\\x00\\x00\\xffd0\\xffd0\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\xff9dD+\\xfffc\\x7f\\x00\\x00P\\xffd8\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd0\\xffa8\\x07+\\x02\\x00\\x00P\\xffd8\\xffa8\\x07+\\x02\\x00\\x00\\x10\\xff97\\xffa9\\x07+\\x02\\x00\\x00Pu\\xffa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff6sD+\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xff97\\xffa9\\x07+\\x02\\x00\\x00\\xfff0\\xffe2\\xffa5\\x07+\\x02\\x00\\x00\\xfff0\\xffe2\\xffa5\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffd8\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x
00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffe2\\xffa5\\x07+\\x02\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00P\\xffd8\\xffa8\\x07+\\x02\\x00\\x00Pu\\xffa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xffc6\\xffd9\\xff93P\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xffe1\\xffa5\\x07+\\x02\\x00\\x00\\xffd0\\xffd0\\xffa8\\x07+\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2256
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12756",
            "caller": "0x7ffc2d137830",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1699a000"
              },
              {
                "name": "ModuleName",
                "value": "wpnapps.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2257
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12756",
            "caller": "0x7ffc2d137881",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1699a000"
              },
              {
                "name": "ModuleName",
                "value": "wpnapps.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2258
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.LimitedAccessFeatures\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 2259
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12716",
            "caller": "0x7ffc2d137830",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b1f7000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2260
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12716",
            "caller": "0x7ffc2d137881",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b1f7000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2261
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12716",
            "caller": "0x7ffc2adbebae",
            "parentcaller": "0x7ffc2b1984de",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xfe\\x93P\\x00\\x00\\x00 0\\x00\\x00\\x00\\x00\\x00\\x00\\xac1\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "12716"
              }
            ],
            "repeated": 0,
            "id": 2262
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.LimitedAccessFeatures\\Server"
              }
            ],
            "repeated": 0,
            "id": 2263
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.ApplicationModel.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.LimitedAccessFeatures\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 2264
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12716",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2265
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12716",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2266
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12716",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2267
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12716",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2268
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.LimitedAccessFeatures\\Threading"
              }
            ],
            "repeated": 0,
            "id": 2269
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.LimitedAccessFeatures\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 2270
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004e8"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.LimitedAccessFeatures\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 2271
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.LimitedAccessFeatures\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 2272
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.LimitedAccessFeatures\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 2273
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12716",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2274
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.LimitedAccessFeatures\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 2275
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.LimitedAccessFeatures\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 2276
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.LimitedAccessFeatures\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 2277
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.LimitedAccessFeatures\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2278
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 2279
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\Windows.ApplicationModel"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc19ae0000"
              }
            ],
            "repeated": 0,
            "id": 2280
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Windows.ApplicationModel.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc19ae0000"
              }
            ],
            "repeated": 0,
            "id": 2281
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc19ae0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\Windows.ApplicationModel.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 2282
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.ApplicationModel.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc19ae0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc19aefa40"
              }
            ],
            "repeated": 0,
            "id": 2283
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.ApplicationModel.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc19ae0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc19aee870"
              }
            ],
            "repeated": 0,
            "id": 2284
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.ApplicationModel.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc19ae0000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc19aef430"
              }
            ],
            "repeated": 0,
            "id": 2285
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc19bbf000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.ApplicationModel.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2286
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc19bbf000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.ApplicationModel.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2287
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc19bbf000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.ApplicationModel.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2288
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc19bbf000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.ApplicationModel.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2289
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              }
            ],
            "repeated": 0,
            "id": 2290
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\KERNELBASE.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 2291
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\KernelBase.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 2292
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b10690000"
              },
              {
                "name": "SectionOffset",
                "value": "0x5093d9aa10"
              },
              {
                "name": "ViewSize",
                "value": "0x00140000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2293
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 2294
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b731000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2295
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b731000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2296
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000001b0"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\KsecDD"
              },
              {
                "name": "IoControlCode",
                "value": "0x00390400"
              },
              {
                "name": "InputBuffer",
                "value": "M<+\\x1a\\x00\\x00\\x02\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xfc\\x7f\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x01\\x00\\x00\\x00\\x02\\x00\\x00\\x00M\\x00D\\x005\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": "\\x01\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x005\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x98\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xffM\\x00D\\x005\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00P\\x00r\\x00i\\x00m\\x00i\\x00t\\x00i\\x00v\\x00e\\x00 \\x00P\\x00r\\x00o\\x00v\\x00i\\x00d\\x00e\\x00r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00b\\x00c\\x00r\\x00y\\x00p\\x00t\\x00p\\x00r\\x00i\\x00m\\x00i\\x00t\\x00i\\x00v\\x00e\\x00s\\x00.\\x00d\\x00l\\x00l\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2297
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\bcryptprimitives.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b0c0000"
              }
            ],
            "repeated": 0,
            "id": 2298
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc2b0c0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\system32\\bcryptprimitives.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2299
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "bcryptprimitives.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2b0c0000"
              },
              {
                "name": "FunctionName",
                "value": "GetHashInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2b0d4460"
              }
            ],
            "repeated": 0,
            "id": 2300
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b731000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2301
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b731000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2302
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "31"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe8\\xb9\\xd9\\x93P\\x00\\x00\\x00\\xe8\\xb9\\xd9\\x93P\\x00\\x00\\x00\\xd0\\xd8\\xa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00P\\x00\\x00\\x00\\xb1&\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\xbe\\xfb\\x7f\\x00\\x00\\xa8\\x11\\xaa\\x07+\\x02\\x00\\x00\\x10\\xc0\\xd9\\x93"
              }
            ],
            "repeated": 0,
            "id": 2303
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              }
            ],
            "repeated": 0,
            "id": 2304
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d0f93b0"
              }
            ],
            "repeated": 0,
            "id": 2305
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d18fc40"
              }
            ],
            "repeated": 0,
            "id": 2306
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d132460"
              }
            ],
            "repeated": 0,
            "id": 2307
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d16fa30"
              }
            ],
            "repeated": 0,
            "id": 2308
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d14cbd0"
              }
            ],
            "repeated": 0,
            "id": 2309
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d153410"
              }
            ],
            "repeated": 0,
            "id": 2310
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:12320:304:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2311
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 2312
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2313
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2314
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2315
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2316
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 2317
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 2318
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 2319
          },
          {
            "timestamp": "2026-05-28 21:41:47,394",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 2320
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\LimitedAccessFeatures"
              },
              {
                "name": "Handle",
                "value": "0x000004ec"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\LimitedAccessFeatures"
              }
            ],
            "repeated": 0,
            "id": 2321
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12716",
            "caller": "0x7ffc2b4322bf",
            "parentcaller": "0x7ffc2b4afbe4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ae"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{C5543B33-5C73-4DC5-9211-24077D3B06C5}"
              },
              {
                "name": "Handle",
                "value": "0x000004f2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{C5543B33-5C73-4DC5-9211-24077D3B06C5}"
              }
            ],
            "repeated": 0,
            "id": 2322
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 2323
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\LimitedAccessFeatures\\com.microsoft.windows.taskbar.requestPinSecondaryTile\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2324
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afa51",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f2"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000004fa"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{C5543B33-5C73-4DC5-9211-24077D3B06C5}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 2325
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "04c19204-10d9-450a-95c4-2910c8f72be3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\LimitedAccessFeatures\\com.microsoft.windows.taskbar.requestPinSecondaryTile\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2326
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afa8c",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004fa"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{C5543B33-5C73-4DC5-9211-24077D3B06C5}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2327
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afad3",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004fa"
              }
            ],
            "repeated": 0,
            "id": 2328
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc19bbf000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.ApplicationModel.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2329
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afae4",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f2"
              }
            ],
            "repeated": 0,
            "id": 2330
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12716",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2331
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12716",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2332
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc19bbf000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.ApplicationModel.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2333
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc19bbf000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.ApplicationModel.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2334
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000388"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Cryptography.CryptographicBuffer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.CryptographicBuffer"
              }
            ],
            "repeated": 0,
            "id": 2335
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ec"
              },
              {
                "name": "KeyInformation",
                "value": "7_\\xffea\\xffe6\\xfff8\\xffee\\xffdc\\x01\\x00\\x00\\x00\\x00b\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00C\\x00r\\x00y\\x00p\\x00t\\x00o\\x00g\\x00r\\x00a\\x00p\\x00h\\x00y\\x00.\\x00C\\x00r\\x00y\\x00p\\x00t\\x00o\\x00g\\x00r\\x00a\\x00p\\x00h\\x00i\\x00c\\x00B\\x00u\\x00f\\x00f\\x00e\\x00r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0Ep+\\xfffc\\x7f\\x00\\x00x\\xffd4\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffc0\\xffd9\\xff93P\\x00\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\xffa0\\xff89\\xffa8\\x07+\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\x0fu:\\xffe3\\x11\\xffbc\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10Y\\xffa6\\x07+\\x02\\x00\\x00x\\xffd4\\xffa8\\x07+\\x02\\x00\\x00P\\xffd4\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\xff9dD+\\xfffc\\x7f\\x00\\x00\\xffa0\\xff89\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffd4\\xffa8\\x07+\\x02\\x00\\x00\\xffa0\\xff89\\xffa8\\x07+\\x02\\x00\\x00\\x10Y\\xffa6\\x07+\\x02\\x00\\x00\\xffe0\\x0b\\xffa6\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff6sD+\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10Y\\xffa6\\x07+\\x02\\x00\\x00\\xfff0\\xffe2\\xffa5\\x07+\\x02\\x00\\x00\\xfff0\\xffe2\\xffa5\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xff89\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\
\x00\\x00\\x00\\x00\\x00\\xfff0\\xffe2\\xffa5\\x07+\\x02\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\xffa0\\xff89\\xffa8\\x07+\\x02\\x00\\x00\\xffe0\\x0b\\xffa6\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffc1\\xffd9\\xff93P\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xffe1\\xffa5\\x07+\\x02\\x00\\x00P\\xffd4\\xffa8\\x07+\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2336
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.CryptographicBuffer\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 2337
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12716",
            "caller": "0x7ffc2d137830",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1699a000"
              },
              {
                "name": "ModuleName",
                "value": "wpnapps.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2338
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12716",
            "caller": "0x7ffc2d137881",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1699a000"
              },
              {
                "name": "ModuleName",
                "value": "wpnapps.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2339
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.CryptographicBuffer\\Server"
              }
            ],
            "repeated": 0,
            "id": 2340
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "C:\\Windows\\System32\\CryptoWinRT.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.CryptographicBuffer\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 2341
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.CryptographicBuffer\\Threading"
              }
            ],
            "repeated": 0,
            "id": 2342
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.CryptographicBuffer\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 2343
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004ec"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.CryptographicBuffer\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 2344
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.CryptographicBuffer\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 2345
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.CryptographicBuffer\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 2346
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.CryptographicBuffer\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 2347
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.CryptographicBuffer\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 2348
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.CryptographicBuffer\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 2349
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.CryptographicBuffer\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2350
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 2351
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\CryptoWinRT"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc0c8d0000"
              }
            ],
            "repeated": 0,
            "id": 2352
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\CryptoWinRT.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc0c8d0000"
              }
            ],
            "repeated": 0,
            "id": 2353
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc0c8d0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\CryptoWinRT.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 2354
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "CryptoWinRT.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc0c8d0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc0c8df560"
              }
            ],
            "repeated": 0,
            "id": 2355
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "CryptoWinRT.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc0c8d0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc0c8d8590"
              }
            ],
            "repeated": 0,
            "id": 2356
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "CryptoWinRT.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc0c8d0000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc0c8d5cd0"
              }
            ],
            "repeated": 0,
            "id": 2357
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000388"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Cryptography.Core.HashAlgorithmNames"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmNames"
              }
            ],
            "repeated": 0,
            "id": 2358
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f8"
              },
              {
                "name": "KeyInformation",
                "value": "7_\\xffea\\xffe6\\xfff8\\xffee\\xffdc\\x01\\x00\\x00\\x00\\x00j\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00C\\x00r\\x00y\\x00p\\x00t\\x00o\\x00g\\x00r\\x00a\\x00p\\x00h\\x00y\\x00.\\x00C\\x00o\\x00r\\x00e\\x00.\\x00H\\x00a\\x00s\\x00h\\x00A\\x00l\\x00g\\x00o\\x00r\\x00i\\x00t\\x00h\\x00m\\x00N\\x00a\\x00m\\x00e\\x00s\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0Ep+\\xfffc\\x7f\\x00\\x00x\\xffd7\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xffc0\\xffd9\\xff93P\\x00\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\x10\\xff93\\xffa4\\x07+\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00?u:\\xffe3\\x11\\xffbc\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10Y\\xffa6\\x07+\\x02\\x00\\x00x\\xffd7\\xffa8\\x07+\\x02\\x00\\x00P\\xffd7\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\xff9dD+\\xfffc\\x7f\\x00\\x00\\x10\\xff93\\xffa4\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffd7\\xffa8\\x07+\\x02\\x00\\x00\\x10\\xff93\\xffa4\\x07+\\x02\\x00\\x00\\x10Y\\xffa6\\x07+\\x02\\x00\\x00Pu\\xffa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff6sD+\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10Y\\xffa6\\x07+\\x02\\x00\\x00\\x006\\xffa9\\x07+\\x02\\x00\\x00\\x006\\xffa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xff93\\xffa4\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x006\\xffa9\\x07+\\x02\\x00\
\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\x10\\xff93\\xffa4\\x07+\\x02\\x00\\x00Pu\\xffa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xffc1\\xffd9\\xff93P\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x102\\xffa9\\x07+\\x02\\x00\\x00P\\xffd7\\xffa8\\x07+\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2359
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmNames\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 2360
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmNames\\Server"
              }
            ],
            "repeated": 0,
            "id": 2361
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\CryptoWinRT.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmNames\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 2362
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmNames\\Threading"
              }
            ],
            "repeated": 0,
            "id": 2363
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmNames\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 2364
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f8"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmNames\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 2365
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmNames\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 2366
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmNames\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 2367
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmNames\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 2368
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmNames\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 2369
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmNames\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 2370
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmNames\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2371
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 2372
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000388"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.Cryptography.Core.HashAlgorithmProvider"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmProvider"
              }
            ],
            "repeated": 0,
            "id": 2373
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f8"
              },
              {
                "name": "KeyInformation",
                "value": "7_\\xffea\\xffe6\\xfff8\\xffee\\xffdc\\x01\\x00\\x00\\x00\\x00p\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00C\\x00r\\x00y\\x00p\\x00t\\x00o\\x00g\\x00r\\x00a\\x00p\\x00h\\x00y\\x00.\\x00C\\x00o\\x00r\\x00e\\x00.\\x00H\\x00a\\x00s\\x00h\\x00A\\x00l\\x00g\\x00o\\x00r\\x00i\\x00t\\x00h\\x00m\\x00P\\x00r\\x00o\\x00v\\x00i\\x00d\\x00e\\x00r\\x00\\xffb0Ep+\\xfffc\\x7f\\x00\\x00\\xfff8\\xffdf\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffc0\\xffd9\\xff93P\\x00\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\xffa0\\xff89\\xffa8\\x07+\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\x0fu:\\xffe3\\x11\\xffbc\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10Y\\xffa6\\x07+\\x02\\x00\\x00\\xfff8\\xffdf\\xffa8\\x07+\\x02\\x00\\x00\\xffd0\\xffdf\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\xff9dD+\\xfffc\\x7f\\x00\\x00\\xffa0\\xff89\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffdf\\xffa8\\x07+\\x02\\x00\\x00\\xffa0\\xff89\\xffa8\\x07+\\x02\\x00\\x00\\x10Y\\xffa6\\x07+\\x02\\x00\\x00 
x\\xffa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff6sD+\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10Y\\xffa6\\x07+\\x02\\x00\\x00\\x102\\xffa9\\x07+\\x02\\x00\\x00\\x102\\xffa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xff89\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x102\\xffa9\\x07+\\x02\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\xffa0\\xff89\\xffa8\\x07+\\x02\\x00\\x00 x\\xffa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffc1\\xffd9\\xff93P\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc07\\xffa9\\x07+\\x02\\x00\\x00\\xffd0\\xffdf\\xffa8\\x07+\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2374
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmProvider\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 2375
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmProvider\\Server"
              }
            ],
            "repeated": 0,
            "id": 2376
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\CryptoWinRT.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmProvider\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 2377
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmProvider\\Threading"
              }
            ],
            "repeated": 0,
            "id": 2378
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmProvider\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 2379
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f8"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmProvider\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 2380
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmProvider\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 2381
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmProvider\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 2382
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmProvider\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 2383
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmProvider\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 2384
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmProvider\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 2385
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmProvider\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2386
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 2387
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000001b0"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\KsecDD"
              },
              {
                "name": "IoControlCode",
                "value": "0x00390400"
              },
              {
                "name": "InputBuffer",
                "value": "M<+\\x1a\\x00\\x00\\x02\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x01\\x00\\x00\\x00\\x02\\x00\\x00\\x00S\\x00H\\x00A\\x002\\x005\\x006\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": "\\x01\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00A\\x002\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xa0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xffS\\x00H\\x00A\\x002\\x005\\x006\\x00\\x00\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00P\\x00r\\x00i\\x00m\\x00i\\x00t\\x00i\\x00v\\x00e\\x00 \\x00P\\x00r\\x00o\\x00v\\x00i\\x00d\\x00e\\x00r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00b\\x00c\\x00r\\x00y\\x00p\\x00t\\x00p\\x00r\\x00i\\x00m\\x00i\\x00t\\x00i\\x00v\\x00e\\x00s\\x00.\\x00d\\x00l\\x00l\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2388
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "bcryptprimitives.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2b0c0000"
              },
              {
                "name": "FunctionName",
                "value": "GetHashInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2b0d4460"
              }
            ],
            "repeated": 0,
            "id": 2389
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "Expiration"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\LimitedAccessFeatures\\com.microsoft.windows.taskbar.requestPinSecondaryTile\\Expiration"
              }
            ],
            "repeated": 0,
            "id": 2390
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              }
            ],
            "repeated": 0,
            "id": 2391
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000388"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.ApplicationModel.Core.CoreApplication"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication"
              }
            ],
            "repeated": 0,
            "id": 2392
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f4"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xfffc\\xffe7\\xffe6\\xfff8\\xffee\\xffdc\\x01\\x00\\x00\\x00\\x00Z\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00A\\x00p\\x00p\\x00l\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00M\\x00o\\x00d\\x00e\\x00l\\x00.\\x00C\\x00o\\x00r\\x00e\\x00.\\x00C\\x00o\\x00r\\x00e\\x00A\\x00p\\x00p\\x00l\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00\\x00\\x00\\xfffc\\x7f\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0Ep+\\xfffc\\x7f\\x00\\x00\\xfff8\\xffd4\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xffc3\\xffd9\\xff93P\\x00\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00P\\xffdf\\xffa8\\x07+\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00O\n:\\xffe3\\x11\\xffbc\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xff91\\xffa9\\x07+\\x02\\x00\\x00\\xfff8\\xffd4\\xffa8\\x07+\\x02\\x00\\x00\\xffd0\\xffd4\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\xff9dD+\\xfffc\\x7f\\x00\\x00P\\xffdf\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd4\\xffa8\\x07+\\x02\\x00\\x00P\\xffdf\\xffa8\\x07+\\x02\\x00\\x00\\x10\\xff91\\xffa9\\x07+\\x02\\x00\\x00\\xffb0y\\xffa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff6sD+\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xff91\\xffa9\\x07+\\x02\\x00\\x00\\x006\\xffa9\\x07+\\x02\\x00\\x00\\x006\\xffa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffdf\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0
0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x006\\xffa9\\x07+\\x02\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00P\\xffdf\\xffa8\\x07+\\x02\\x00\\x00\\xffb0y\\xffa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xffc4\\xffd9\\xff93P\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x102\\xffa9\\x07+\\x02\\x00\\x00\\xffd0\\xffd4\\xffa8\\x07+\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2393
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 2394
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Server"
              }
            ],
            "repeated": 0,
            "id": 2395
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\twinapi.appcore.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 2396
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Threading"
              }
            ],
            "repeated": 0,
            "id": 2397
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 2398
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f4"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 2399
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 2400
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 2401
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 2402
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 2403
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 2404
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2405
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              }
            ],
            "repeated": 0,
            "id": 2406
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "ApplicationService:30201dceeeac8522a1b"
              }
            ],
            "repeated": 0,
            "id": 2407
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              }
            ],
            "repeated": 0,
            "id": 2408
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d16fa30"
              }
            ],
            "repeated": 0,
            "id": 2409
          },
          {
            "timestamp": "2026-05-28 21:41:47,410",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004fc"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 2410
          },
          {
            "timestamp": "2026-05-28 21:41:47,644",
            "thread_id": "12436",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "__anomaly__",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "12436"
              },
              {
                "name": "Subcategory",
                "value": "unhook"
              },
              {
                "name": "FunctionName",
                "value": "CommandLineToArgvW"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2b16eb30"
              },
              {
                "name": "UnhookType",
                "value": "restored"
              }
            ],
            "repeated": 0,
            "id": 2411
          },
          {
            "timestamp": "2026-05-28 21:41:48,144",
            "thread_id": "12412",
            "caller": "0x7ffc2d110880",
            "parentcaller": "0x7ffc2d113008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b09460000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2412
          },
          {
            "timestamp": "2026-05-28 21:41:48,144",
            "thread_id": "12412",
            "caller": "0x7ffc2d110880",
            "parentcaller": "0x7ffc2d113008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b094e7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2413
          },
          {
            "timestamp": "2026-05-28 21:41:48,144",
            "thread_id": "12412",
            "caller": "0x7ffc2d110880",
            "parentcaller": "0x7ffc2d113008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b094ea000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2414
          },
          {
            "timestamp": "2026-05-28 21:41:48,144",
            "thread_id": "12412",
            "caller": "0x7ffc2d110880",
            "parentcaller": "0x7ffc2d113008",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b09466000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2415
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12752",
            "caller": "0x7ffc259df406",
            "parentcaller": "0x7ffc259a0733",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2416
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12752",
            "caller": "0x7ffc2b4bdd9d",
            "parentcaller": "0x7ffc2b457428",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000388"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Foundation.Collections.PropertySet"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet"
              }
            ],
            "repeated": 0,
            "id": 2417
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12752",
            "caller": "0x7ffc2b4bddf7",
            "parentcaller": "0x7ffc2b457428",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xfffc\\xffe7\\xffe6\\xfff8\\xffee\\xffdc\\x01\\x00\\x00\\x00\\x00T\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00F\\x00o\\x00u\\x00n\\x00d\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00C\\x00o\\x00l\\x00l\\x00e\\x00c\\x00t\\x00i\\x00o\\x00n\\x00s\\x00.\\x00P\\x00r\\x00o\\x00p\\x00e\\x00r\\x00t\\x00y\\x00S\\x00e\\x00t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0Ep+\\xfffc\\x7f\\x00\\x00\\xfff8\\xffd4\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xfff0/\\xff95P\\x00\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00P\\xffdf\\xffa8\\x07+\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\xffdf&\\xffcc\\xffe5\\x11\\xffbc\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xff91\\xffa9\\x07+\\x02\\x00\\x00\\xfff8\\xffd4\\xffa8\\x07+\\x02\\x00\\x00\\xffd0\\xffd4\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\xff9dD+\\xfffc\\x7f\\x00\\x00P\\xffdf\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd4\\xffa8\\x07+\\x02\\x00\\x00P\\xffdf\\xffa8\\x07+\\x02\\x00\\x00\\x10\\xff91\\xffa9\\x07+\\x02\\x00\\x00@v\\xffa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff6sD+\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xff91\\xffa9\\x07+\\x02\\x00\\x00\\x102\\xffa9\\x07+\\x02\\x00\\x00\\x102\\xffa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffdf\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00
\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x102\\xffa9\\x07+\\x02\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00P\\xffdf\\xffa8\\x07+\\x02\\x00\\x00@v\\xffa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xfff1/\\xff95P\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x006\\xffa9\\x07+\\x02\\x00\\x00\\xffd0\\xffd4\\xffa8\\x07+\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2418
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12752",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 2419
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12752",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4c8ff0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\Server"
              }
            ],
            "repeated": 0,
            "id": 2420
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12752",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4d00bb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\WinTypes.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 2421
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12752",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\Threading"
              }
            ],
            "repeated": 0,
            "id": 2422
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12752",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 2423
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12752",
            "caller": "0x7ffc2b41c0fc",
            "parentcaller": "0x7ffc2b4b4170",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000504"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 2424
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12752",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4c8ff0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 2425
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12752",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 2426
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12752",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 2427
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12752",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 2428
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12752",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4c2222",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 2429
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12752",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2430
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12752",
            "caller": "0x7ffc2b4b7226",
            "parentcaller": "0x7ffc2b4bca23",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              }
            ],
            "repeated": 0,
            "id": 2431
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12752",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc2b456b6d",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\WinTypes.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc26fe0000"
              }
            ],
            "repeated": 0,
            "id": 2432
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12752",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc2b456b6d",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc26fe0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\WinTypes.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 2433
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12752",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc2b456acf",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wintypes.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc26fe0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc26fe9590"
              }
            ],
            "repeated": 0,
            "id": 2434
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12752",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc2b456ae8",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wintypes.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc26fe0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc26fe90f0"
              }
            ],
            "repeated": 0,
            "id": 2435
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12752",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc2b456b08",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wintypes.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc26fe0000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc26ff47b0"
              }
            ],
            "repeated": 0,
            "id": 2436
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12752",
            "caller": "0x7ffc2d137830",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2711d000"
              },
              {
                "name": "ModuleName",
                "value": "wintypes.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2437
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12752",
            "caller": "0x7ffc2d137881",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2711d000"
              },
              {
                "name": "ModuleName",
                "value": "wintypes.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2438
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12752",
            "caller": "0x7ffc259a91f4",
            "parentcaller": "0x7ffc259a8d56",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2439
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12752",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07aa4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2440
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12752",
            "caller": "0x7ffc259a926f",
            "parentcaller": "0x7ffc259a8d56",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xa0\\x1d\\xaa\\x07+\\x02\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00@\\x1e\\xaa\\x07+\\x02\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x1e\\xaa\\x07+\\x02\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00t\\x1f\\xaa\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\x1f\\xaa\\x07+\\x02\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x90\\x1f\\xaa\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x1f\\xaa\\x07+\\x02\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xb8\\x1f\\xaa\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8\\x1f\\xaa\\x07+\\x02\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\x86\\x00\\x86\\x00\\x00\\x00\\x00\\x00\\x90\\x1e\\xaa\\x07+\\x02\\x00\\x00\\x06\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x16\\x1f\\xaa\\x07+\\x02\\x00\\x00X\\x00X\\x00\\x00\\x00\\x00\\x00\\x1c\\x1f\\xaa\\x07+\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2441
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12752",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc259a1c1b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d0f93b0"
              }
            ],
            "repeated": 0,
            "id": 2442
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12752",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc259a1d43",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d18fc40"
              }
            ],
            "repeated": 0,
            "id": 2443
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12752",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc259a1dc0",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d132460"
              }
            ],
            "repeated": 0,
            "id": 2444
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12752",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc259a3b54",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d14cbd0"
              }
            ],
            "repeated": 0,
            "id": 2445
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12752",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc259cdff2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d153410"
              }
            ],
            "repeated": 0,
            "id": 2446
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12752",
            "caller": "0x7ffc2ad7ed78",
            "parentcaller": "0x7ffc259a1eea",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:12320:304:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2447
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12752",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc259ba9cc",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 2448
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12752",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc259a2239",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2449
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12752",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc259a2239",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2450
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12752",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc259a2239",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2451
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12752",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc259a2239",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2452
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12752",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc259e14d3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              }
            ],
            "repeated": 0,
            "id": 2453
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12752",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc259e14d3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              }
            ],
            "repeated": 0,
            "id": 2454
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12752",
            "caller": "0x7ffc2ad7dd5d",
            "parentcaller": "0x7ffc259e57fb",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              }
            ],
            "repeated": 0,
            "id": 2455
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12752",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc259e14d3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              }
            ],
            "repeated": 0,
            "id": 2456
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12752",
            "caller": "0x7ffc2ad83a9c",
            "parentcaller": "0x7ffc2ad83529",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2457
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12752",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad83f4b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000114"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2458
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12752",
            "caller": "0x7ffc2ad83f76",
            "parentcaller": "0x7ffc2ae04fd4",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000114"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\XAML"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\XAML"
              }
            ],
            "repeated": 0,
            "id": 2459
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12752",
            "caller": "0x7ffc2ad82fe4",
            "parentcaller": "0x7ffc259e154d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "OneCoreTransformsEnabledByDefault"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\XAML\\OneCoreTransformsEnabledByDefault"
              }
            ],
            "repeated": 0,
            "id": 2460
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12752",
            "caller": "0x7ffc2ad83018",
            "parentcaller": "0x7ffc259e154d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              }
            ],
            "repeated": 0,
            "id": 2461
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12752",
            "caller": "0x7ffc2ad7e76a",
            "parentcaller": "0x7ffc2b42ea0e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ca70000"
              }
            ],
            "repeated": 0,
            "id": 2462
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004fc"
              }
            ],
            "repeated": 0,
            "id": 2463
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b107d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00100000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2464
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b107d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2465
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004fc"
              }
            ],
            "repeated": 0,
            "id": 2466
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\x1d\\xaa\\x07+\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2467
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004fc"
              }
            ],
            "repeated": 0,
            "id": 2468
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "ApplicationService:30201dceeeac8522a1b"
              }
            ],
            "repeated": 0,
            "id": 2469
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": "ApplicationService:30201dceeeac8522a1b"
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2470
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004fc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b108d0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x5093d9cac0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2471
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b108d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2472
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000388"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Foundation.PropertyValue"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue"
              }
            ],
            "repeated": 0,
            "id": 2473
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xfffc\\xffe7\\xffe6\\xfff8\\xffee\\xffdc\\x01\\x00\\x00\\x00\\x00@\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00F\\x00o\\x00u\\x00n\\x00d\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00P\\x00r\\x00o\\x00p\\x00e\\x00r\\x00t\\x00y\\x00V\\x00a\\x00l\\x00u\\x00e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\xfff5d\\x010\\x00\\x00\\x00\\x1f\\x00\\x00\\x00\\x00\\x00\\x00\\x00>\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0Ep+\\xfffc\\x7f\\x00\\x00\\xfff8\\xffdf\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xffc4\\xffd9\\xff93P\\x00\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\x10'\\xffa9\\x07+\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\xffbf\n:\\xffe3\\x11\\xffbc\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff9e\\xffa9\\x07+\\x02\\x00\\x00\\xfff8\\xffdf\\xffa8\\x07+\\x02\\x00\\x00\\xffd0\\xffdf\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\xff9dD+\\xfffc\\x7f\\x00\\x00\\x10'\\xffa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffdf\\xffa8\\x07+\\x02\\x00\\x00\\x10'\\xffa9\\x07+\\x02\\x00\\x00\\xff90\\xff9e\\xffa9\\x07+\\x02\\x00\\x00\\xffe0\\x0b\\xffa6\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff6sD+\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff9e\\xffa9\\x07+\\x02\\x00\\x00\\xffe06\\xffa9\\x07+\\x02\\x00\\x00\\xffe06\\xffa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10'\\xffa9\\x0
7+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe06\\xffa9\\x07+\\x02\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\x10'\\xffa9\\x07+\\x02\\x00\\x00\\xffe0\\x0b\\xffa6\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xffc5\\xffd9\\xff93P\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x006\\xffa9\\x07+\\x02\\x00\\x00\\xffd0\\xffdf\\xffa8\\x07+\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2474
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 2475
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Server"
              }
            ],
            "repeated": 0,
            "id": 2476
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\WinTypes.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 2477
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Threading"
              }
            ],
            "repeated": 0,
            "id": 2478
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 2479
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000050c"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 2480
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 2481
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 2482
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 2483
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 2484
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 2485
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2486
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              }
            ],
            "repeated": 0,
            "id": 2487
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000388"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.UI.StartScreen.SecondaryTile"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.SecondaryTile"
              }
            ],
            "repeated": 0,
            "id": 2488
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "KeyInformation",
                "value": "N\\xffc1\\xffec\\xffe6\\xfff8\\xffee\\xffdc\\x01\\x00\\x00\\x00\\x00H\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00U\\x00I\\x00.\\x00S\\x00t\\x00a\\x00r\\x00t\\x00S\\x00c\\x00r\\x00e\\x00e\\x00n\\x00.\\x00S\\x00e\\x00c\\x00o\\x00n\\x00d\\x00a\\x00r\\x00y\\x00T\\x00i\\x00l\\x00e\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffa1\\xffa4\\x070\\x00\\x00\\x00\\x1f\\x00\\x00\\x00\\x00\\x00\\x00\\x00>\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0Ep+\\xfffc\\x7f\\x00\\x00\\xfff8\\xffdf\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xffc7\\xffd9\\xff93P\\x00\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\xffc07\\xffa9\\x07+\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\x1f\\x0e:\\xffe3\\x11\\xffbc\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff9d\\xffa9\\x07+\\x02\\x00\\x00\\xfff8\\xffdf\\xffa8\\x07+\\x02\\x00\\x00\\xffd0\\xffdf\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\xff9dD+\\xfffc\\x7f\\x00\\x00\\xffc07\\xffa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffdf\\xffa8\\x07+\\x02\\x00\\x00\\xffc07\\xffa9\\x07+\\x02\\x00\\x00P\\xff9d\\xffa9\\x07+\\x02\\x00\\x00\\xffa0z\\xffa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff6sD+\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff9d\\xffa9\\x07+\\x02\\x00\\x00\\xfff0\\xffe2\\xffa5\\x07+\\x02\\x00\\x00\\xfff0\\xffe2\\xffa5\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc07\\xffa9\\x07+\\x02\\x00\\x
00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffe2\\xffa5\\x07+\\x02\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\xffc07\\xffa9\\x07+\\x02\\x00\\x00\\xffa0z\\xffa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xffc8\\xffd9\\xff93P\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xffe1\\xffa5\\x07+\\x02\\x00\\x00\\xffd0\\xffdf\\xffa8\\x07+\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2489
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.SecondaryTile\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 2490
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.SecondaryTile\\Server"
              }
            ],
            "repeated": 0,
            "id": 2491
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\wpnapps.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.SecondaryTile\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 2492
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.SecondaryTile\\Threading"
              }
            ],
            "repeated": 0,
            "id": 2493
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.SecondaryTile\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 2494
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000050c"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.SecondaryTile\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 2495
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.SecondaryTile\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 2496
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.SecondaryTile\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 2497
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.SecondaryTile\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 2498
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.SecondaryTile\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 2499
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.SecondaryTile\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 2500
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.SecondaryTile\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2501
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              }
            ],
            "repeated": 0,
            "id": 2502
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12756",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a0"
              }
            ],
            "repeated": 0,
            "id": 2503
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2504
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xa0\\x1d\\xaa\\x07+\\x02\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00@\\x1e\\xaa\\x07+\\x02\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x1e\\xaa\\x07+\\x02\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00t\\x1f\\xaa\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\x1f\\xaa\\x07+\\x02\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x90\\x1f\\xaa\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x1f\\xaa\\x07+\\x02\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xb8\\x1f\\xaa\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8\\x1f\\xaa\\x07+\\x02\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\x86\\x00\\x86\\x00\\x00\\x00\\x00\\x00\\x90\\x1e\\xaa\\x07+\\x02\\x00\\x00\\x06\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x16\\x1f\\xaa\\x07+\\x02\\x00\\x00X\\x00X\\x00\\x00\\x00\\x00\\x00\\x1c\\x1f\\xaa\\x07+\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2505
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2506
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xa0\\x1d\\xaa\\x07+\\x02\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00@\\x1e\\xaa\\x07+\\x02\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x1e\\xaa\\x07+\\x02\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00t\\x1f\\xaa\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\x1f\\xaa\\x07+\\x02\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x90\\x1f\\xaa\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x1f\\xaa\\x07+\\x02\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xb8\\x1f\\xaa\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8\\x1f\\xaa\\x07+\\x02\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\x86\\x00\\x86\\x00\\x00\\x00\\x00\\x00\\x90\\x1e\\xaa\\x07+\\x02\\x00\\x00\\x06\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x16\\x1f\\xaa\\x07+\\x02\\x00\\x00X\\x00X\\x00\\x00\\x00\\x00\\x00\\x1c\\x1f\\xaa\\x07+\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2507
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2508
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xa0\\x1d\\xaa\\x07+\\x02\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00@\\x1e\\xaa\\x07+\\x02\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x1e\\xaa\\x07+\\x02\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00t\\x1f\\xaa\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\x1f\\xaa\\x07+\\x02\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x90\\x1f\\xaa\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x1f\\xaa\\x07+\\x02\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xb8\\x1f\\xaa\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8\\x1f\\xaa\\x07+\\x02\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\x86\\x00\\x86\\x00\\x00\\x00\\x00\\x00\\x90\\x1e\\xaa\\x07+\\x02\\x00\\x00\\x06\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x16\\x1f\\xaa\\x07+\\x02\\x00\\x00X\\x00X\\x00\\x00\\x00\\x00\\x00\\x1c\\x1f\\xaa\\x07+\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2509
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xfc\\x93P\\x00\\x00\\x00 0\\x00\\x00\\x00\\x00\\x00\\x00$0\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "12324"
              }
            ],
            "repeated": 0,
            "id": 2510
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12716",
            "caller": "0x7ffc2adbebae",
            "parentcaller": "0x7ffc2b1984de",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xfe\\x93P\\x00\\x00\\x00 0\\x00\\x00\\x00\\x00\\x00\\x00\\xac1\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "12716"
              }
            ],
            "repeated": 0,
            "id": 2511
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00p\\x00\\x00\\x00V\\xe6\\x9c \\x00\\x00\\x00\\x00\\x18\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x1a\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00/\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00}\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "112"
              }
            ],
            "repeated": 0,
            "id": 2512
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12716",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07ab7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2513
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12716",
            "caller": "0x7ffc2b4bdd9d",
            "parentcaller": "0x7ffc2b457428",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000388"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Internal.Tiles.SecondaryTileStore"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.SecondaryTileStore"
              }
            ],
            "repeated": 0,
            "id": 2514
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12716",
            "caller": "0x7ffc2b4bddf7",
            "parentcaller": "0x7ffc2b457428",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "KeyInformation",
                "value": "7_\\xffea\\xffe6\\xfff8\\xffee\\xffdc\\x01\\x00\\x00\\x00\\x00R\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00I\\x00n\\x00t\\x00e\\x00r\\x00n\\x00a\\x00l\\x00.\\x00T\\x00i\\x00l\\x00e\\x00s\\x00.\\x00S\\x00e\\x00c\\x00o\\x00n\\x00d\\x00a\\x00r\\x00y\\x00T\\x00i\\x00l\\x00e\\x00S\\x00t\\x00o\\x00r\\x00e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xffec\\xffef\\xff944\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0Ep+\\xfffc\\x7f\\x00\\x00x\\xffd0\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xffeb\\xffef\\xff94P\\x00\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\xffd0\\xffdf\\xffa8\\x07+\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\xffaf#\\x0c\\xffe4\\x11\\xffbc\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff9e\\xffa9\\x07+\\x02\\x00\\x00x\\xffd0\\xffa8\\x07+\\x02\\x00\\x00P\\xffd0\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\xff9dD+\\xfffc\\x7f\\x00\\x00\\xffd0\\xffdf\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffd0\\xffa8\\x07+\\x02\\x00\\x00\\xffd0\\xffdf\\xffa8\\x07+\\x02\\x00\\x00\\xff90\\xff9e\\xffa9\\x07+\\x02\\x00\\x00 
s\\xffa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff6sD+\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff9e\\xffa9\\x07+\\x02\\x00\\x00\\xffc07\\xffa9\\x07+\\x02\\x00\\x00\\xffc07\\xffa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffdf\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc07\\xffa9\\x07+\\x02\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\xffd0\\xffdf\\xffa8\\x07+\\x02\\x00\\x00 s\\xffa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xffec\\xffef\\xff94P\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe06\\xffa9\\x07+\\x02\\x00\\x00P\\xffd0\\xffa8\\x07+\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2515
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-downlevel-shell32-l1-1-0.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b150000"
              }
            ],
            "repeated": 0,
            "id": 2516
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc2b150000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-downlevel-shell32-l1-1-0.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 2517
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.SecondaryTileStore\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 2518
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2b150000"
              },
              {
                "name": "FunctionName",
                "value": "CommandLineToArgvW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2b16eb30"
              }
            ],
            "repeated": 0,
            "id": 2519
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12716",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4c8ff0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.SecondaryTileStore\\Server"
              }
            ],
            "repeated": 0,
            "id": 2520
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12716",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4d00bb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\TileDataRepository.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.SecondaryTileStore\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 2521
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.SecondaryTileStore\\Threading"
              }
            ],
            "repeated": 0,
            "id": 2522
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12756",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2b4a2ec5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a0"
              }
            ],
            "repeated": 0,
            "id": 2523
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.SecondaryTileStore\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 2524
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12716",
            "caller": "0x7ffc2b41c0fc",
            "parentcaller": "0x7ffc2b4b4170",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000050c"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.SecondaryTileStore\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 2525
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2526
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12716",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4c8ff0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.SecondaryTileStore\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 2527
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xa0\\x1d\\xaa\\x07+\\x02\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00@\\x1e\\xaa\\x07+\\x02\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x1e\\xaa\\x07+\\x02\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00t\\x1f\\xaa\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\x1f\\xaa\\x07+\\x02\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x90\\x1f\\xaa\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x1f\\xaa\\x07+\\x02\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xb8\\x1f\\xaa\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8\\x1f\\xaa\\x07+\\x02\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\x86\\x00\\x86\\x00\\x00\\x00\\x00\\x00\\x90\\x1e\\xaa\\x07+\\x02\\x00\\x00\\x06\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x16\\x1f\\xaa\\x07+\\x02\\x00\\x00X\\x00X\\x00\\x00\\x00\\x00\\x00\\x1c\\x1f\\xaa\\x07+\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2528
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.SecondaryTileStore\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 2529
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.SecondaryTileStore\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 2530
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.SecondaryTileStore\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 2531
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4c2222",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.SecondaryTileStore\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 2532
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.SecondaryTileStore\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2533
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12716",
            "caller": "0x7ffc2b4b7226",
            "parentcaller": "0x7ffc2b4bca23",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              }
            ],
            "repeated": 0,
            "id": 2534
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12752",
            "caller": "0x7ffc2adbebae",
            "parentcaller": "0x7ffc2b1984de",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xfe\\x93P\\x00\\x00\\x00 0\\x00\\x00\\x00\\x00\\x00\\x00\\xd01\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "12752"
              }
            ],
            "repeated": 0,
            "id": 2535
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000388"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.ApplicationModel.Background.BackgroundTaskRegistration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration"
              }
            ],
            "repeated": 0,
            "id": 2536
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "KeyInformation",
                "value": "[\\xff9a\\xffe5\\xffe6\\xfff8\\xffee\\xffdc\\x01\\x00\\x00\\x00\\x00|\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00A\\x00p\\x00p\\x00l\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00M\\x00o\\x00d\\x00e\\x00l\\x00.\\x00B\\x00a\\x00c\\x00k\\x00g\\x00r\\x00o\\x00u\\x00n\\x00d\\x00.\\x00B\\x00a\\x00c\\x00k\\x00g\\x00r\\x00o\\x00u\\x00n\\x00d\\x00T\\x00a\\x00s\\x00k\\x00R\\x00e\\x00g\\x00i\\x00s\\x00t\\x00r\\x00a\\x00t\\x00i\\x00o\\x00n\\x00+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xffd2\\xffd9\\xff93P\\x00\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\xff90\\xffa0\\xffa8\\x07+\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00?\\x1b:\\xffe3\\x11\\xffbc\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff9e\\xffa9\\x07+\\x02\\x00\\x00\\xfff8\\xffdf\\xffa8\\x07+\\x02\\x00\\x00\\xffd0\\xffdf\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\xff9dD+\\xfffc\\x7f\\x00\\x00\\xff90\\xffa0\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffdf\\xffa8\\x07+\\x02\\x00\\x00\\xff90\\xffa0\\xffa8\\x07+\\x02\\x00\\x00P\\xff9e\\xffa9\\x07+\\x02\\x00\\x00P\\x7f\\xffa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff6sD+\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff9e\\xffa9\\x07+\\x02\\x00\\x00`:\\xffa9\\x07+\\x02\\x00\\x00`:\\xffa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xffa0\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`:\\xffa9\\x07+\\x02
\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\xff90\\xffa0\\xffa8\\x07+\\x02\\x00\\x00P\\x7f\\xffa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xffd3\\xffd9\\xff93P\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x0008\\xffa9\\x07+\\x02\\x00\\x00\\xffd0\\xffdf\\xffa8\\x07+\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2537
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 2538
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\Server"
              }
            ],
            "repeated": 0,
            "id": 2539
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\biwinrt.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 2540
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 2541
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 2542
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2543
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 2544
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12680",
            "caller": "0x7ffc2ad853aa",
            "parentcaller": "0x7ffbbfa6f4b5",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00p\\x00\\x00\\x00\\xd3\\xea\\x9c \\x00\\x00\\x00\\x00\\x18\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x1b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00/\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00}\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "112"
              }
            ],
            "repeated": 0,
            "id": 2545
          },
          {
            "timestamp": "2026-05-28 21:41:49,473",
            "thread_id": "12716",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc2b456b6d",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\Windows.StateRepository"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc20500000"
              }
            ],
            "repeated": 0,
            "id": 2546
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc2b456b6d",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\TileDataRepository"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc17000000"
              }
            ],
            "repeated": 0,
            "id": 2547
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc2b456b6d",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\TileDataRepository.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc17000000"
              }
            ],
            "repeated": 0,
            "id": 2548
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc2b456b6d",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc17000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\TileDataRepository.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 2549
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc2b456acf",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "TileDataRepository.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc17000000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc1701cbe0"
              }
            ],
            "repeated": 0,
            "id": 2550
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc2b456ae8",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "TileDataRepository.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc17000000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc1700cfe0"
              }
            ],
            "repeated": 0,
            "id": 2551
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc2b456b08",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "TileDataRepository.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc17000000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc17001270"
              }
            ],
            "repeated": 0,
            "id": 2552
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\biwinrt"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc10950000"
              }
            ],
            "repeated": 0,
            "id": 2553
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\biwinrt.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc10950000"
              }
            ],
            "repeated": 0,
            "id": 2554
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc10950000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\biwinrt.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 2555
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "biwinrt.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc10950000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc1096bbc0"
              }
            ],
            "repeated": 0,
            "id": 2556
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "biwinrt.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc10950000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc1095dd30"
              }
            ],
            "repeated": 0,
            "id": 2557
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "biwinrt.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc10950000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc1095ee10"
              }
            ],
            "repeated": 0,
            "id": 2558
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2ad7e76a",
            "parentcaller": "0x7ffc1701ab6e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              }
            ],
            "repeated": 0,
            "id": 2559
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc1700fde9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d16fa30"
              }
            ],
            "repeated": 0,
            "id": 2560
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad7e76a",
            "parentcaller": "0x7ffc1701ab6e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              }
            ],
            "repeated": 0,
            "id": 2561
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc1700fde9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d16fa30"
              }
            ],
            "repeated": 0,
            "id": 2562
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2adc026b",
            "parentcaller": "0x7ffc1702e80f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000520"
              }
            ],
            "repeated": 0,
            "id": 2563
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2ad854eb",
            "parentcaller": "0x7ffc170266f7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2564
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2adc026b",
            "parentcaller": "0x7ffc1702e80f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000524"
              }
            ],
            "repeated": 0,
            "id": 2565
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad854eb",
            "parentcaller": "0x7ffc170266f7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2566
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2d137830",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc17095000"
              },
              {
                "name": "ModuleName",
                "value": "TileDataRepository.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2567
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2d137881",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc17095000"
              },
              {
                "name": "ModuleName",
                "value": "TileDataRepository.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2568
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2c56ef53",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000052c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 2569
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07ab8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2570
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2b4bdd9d",
            "parentcaller": "0x7ffc2b457428",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000530"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000388"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.System.Internal.UserManager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager"
              }
            ],
            "repeated": 0,
            "id": 2571
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2b4bddf7",
            "parentcaller": "0x7ffc2b457428",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000530"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffd9E\\x04\\xffd4\\xffde\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00F\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00.\\x00I\\x00n\\x00t\\x00e\\x00r\\x00n\\x00a\\x00l\\x00.\\x00U\\x00s\\x00e\\x00r\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00r\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\x00P\\x002\\x00\\x00\\x00\\xfffc\\x7f\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x00\\x00\\x00>\\x00\\x00\\x00\\xffb0Ep+\\xfffc\\x7f\\x00\\x00\\xfff8\\xffdf\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xffe5/\\xff95P\\x00\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00@;\\xffa9\\x07+\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\xffef)\\xffcc\\xffe5\\x11\\xffbc\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0u\\xffa4\\x07+\\x02\\x00\\x00\\xfff8\\xffdf\\xffa8\\x07+\\x02\\x00\\x00\\xffd0\\xffdf\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\xff9dD+\\xfffc\\x7f\\x00\\x00@;\\xffa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffdf\\xffa8\\x07+\\x02\\x00\\x00@;\\xffa9\\x07+\\x02\\x00\\x00\\xffd0u\\xffa4\\x07+\\x02\\x00\\x000|\\xffa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff6sD+\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0u\\xffa4\\x07+\\x02\\x00\\x00P>\\xffa9\\x07+\\x02\\x00\\x00P>\\xffa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@;\\xffa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x
00\\x00\\x00P>\\xffa9\\x07+\\x02\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00@;\\xffa9\\x07+\\x02\\x00\\x000|\\xffa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xffe6/\\xff95P\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0>\\xffa9\\x07+\\x02\\x00\\x00\\xffd0\\xffdf\\xffa8\\x07+\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2572
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 2573
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07ab9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2574
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4c8ff0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "Data",
                "value": "UserManager"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\Server"
              }
            ],
            "repeated": 0,
            "id": 2575
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 2576
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4d00bb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 2577
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\Threading"
              }
            ],
            "repeated": 0,
            "id": 2578
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000538"
              },
              {
                "name": "KeyInformation",
                "value": "[\\xff9a\\xffe5\\xffe6\\xfff8\\xffee\\xffdc\\x01\\x00\\x00\\x00\\x00r\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00A\\x00p\\x00p\\x00l\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00M\\x00o\\x00d\\x00e\\x00l\\x00.\\x00B\\x00a\\x00c\\x00k\\x00g\\x00r\\x00o\\x00u\\x00n\\x00d\\x00.\\x00B\\x00a\\x00c\\x00k\\x00g\\x00r\\x00o\\x00u\\x00n\\x00d\\x00W\\x00o\\x00r\\x00k\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00r\\x00p+\\xfffc\\x7f\\x00\\x00h-\\xffa6\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xffd5\\xffd9\\xff93P\\x00\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\xfff0\\xff9f\\xffa8\\x07+\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00?\\x18:\\xffe3\\x11\\xffbc\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff9d\\xffa9\\x07+\\x02\\x00\\x00h-\\xffa6\\x07+\\x02\\x00\\x00@-\\xffa6\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\xff9dD+\\xfffc\\x7f\\x00\\x00\\xfff0\\xff9f\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00@-\\xffa6\\x07+\\x02\\x00\\x00\\xfff0\\xff9f\\xffa8\\x07+\\x02\\x00\\x00\\xff90\\xff9d\\xffa9\\x07+\\x02\\x00\\x00`\\x0e\\xffa6\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff6sD+\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff9d\\xffa9\\x07+\\x02\\x00\\x000\\xffef\\xffa5\\x07+\\x02\\x00\\x000\\xffef\\xffa5\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xff9f\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xffef\\xffa5\\x
07+\\x02\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\xfff0\\xff9f\\xffa8\\x07+\\x02\\x00\\x00`\\x0e\\xffa6\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xffd6\\xffd9\\xff93P\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffe2\\xffa5\\x07+\\x02\\x00\\x00@-\\xffa6\\x07+\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2579
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 2580
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12324",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 2581
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2b41c0fc",
            "parentcaller": "0x7ffc2b4b4170",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000534"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 2582
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\Server"
              }
            ],
            "repeated": 0,
            "id": 2583
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 2584
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 2585
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 2586
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4c2222",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 2587
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2588
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 2589
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2b4bdd9d",
            "parentcaller": "0x7ffc2b457428",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000053c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000498"
              },
              {
                "name": "ObjectAttributesName",
                "value": "UserManager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\UserManager"
              }
            ],
            "repeated": 0,
            "id": 2590
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2b4bddf7",
            "parentcaller": "0x7ffc2b457428",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000053c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffcek|\\xffd3\\xffde\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00\\x16\\x00\\x00\\x00U\\x00s\\x00e\\x00r\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00r\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff88\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0Cp+\\xfffc\\x7f\\x00\\x00\\xfff8\\xffd4\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xffe3\\xffef\\xff94P\\x00\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\xff90y\\xffa4\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffbf+\\x0c\\xffe4\\x11\\xffbc\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P^\\xffa6\\x07+\\x02\\x00\\x00\\xfff8\\xffd4\\xffa8\\x07+\\x02\\x00\\x00\\xffd0\\xffd4\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\xff9dD+\\xfffc\\x7f\\x00\\x00\\xff90y\\xffa4\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd4\\xffa8\\x07+\\x02\\x00\\x00\\xff90y\\xffa4\\x07+\\x02\\x00\\x00P^\\xffa6\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xff9a\\xffab\\x07+\\x02\\x00\\x00kjD+\\xfffc\\x7f\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xffe4\\xffef\\xff94P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P^\\xffa6\\x07+\\x02\\x00\\x00\\xffb0\\xff9b\\xffab\\x07+\\x02\\x00\\x00\\xffb0\\xff9b\\xffab\\x07+\\x02\\x00
\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90y\\xffa4\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xff9b\\xffab\\x07+\\x02\\x00\\x00\\xffe3rD+\\xfffc\\x7f\\x00\\x00\\xffd0\\xffd4\\xffa8\\x07+\\x02\\x00\\x00k\\xff89O+\\xfffc\\x7f\\x00\\x00\\xffd8\\xffbah+\\xfffc\\x7f\\x00\\x00\\xffd0\\xffd4\\xffa8\\x07+\\x02\\x00\\x00\\xffc8\\xffe3\\xffef\\xff94P\\x00\\x00\\x00\\x01~D+\\xfffc\\x7f\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00E\\xffaeL+\\xfffc\\x7f\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2591
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4d00bb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              },
              {
                "name": "ValueName",
                "value": "ExePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\UserManager\\ExePath"
              }
            ],
            "repeated": 0,
            "id": 2592
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4d00bb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              },
              {
                "name": "ValueName",
                "value": "CommandLine"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\UserManager\\CommandLine"
              }
            ],
            "repeated": 0,
            "id": 2593
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 2594
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              },
              {
                "name": "ValueName",
                "value": "IdentityType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\UserManager\\IdentityType"
              }
            ],
            "repeated": 0,
            "id": 2595
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 2596
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4c2222",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Data",
                "value": "\\x01\\x00\\x14\\x80d\\x00\\x00\\x00p\\x00\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x004\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x1f\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x1f\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00!\\x02\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\UserManager\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 2597
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 2598
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              },
              {
                "name": "ValueName",
                "value": "ServerType"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\UserManager\\ServerType"
              }
            ],
            "repeated": 0,
            "id": 2599
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4c8ff0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              },
              {
                "name": "ValueName",
                "value": "AppId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\UserManager\\AppId"
              }
            ],
            "repeated": 0,
            "id": 2600
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4c8ff0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              },
              {
                "name": "ValueName",
                "value": "Identity"
              },
              {
                "name": "Data",
                "value": "nt authority\\system"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\UserManager\\Identity"
              }
            ],
            "repeated": 0,
            "id": 2601
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12756",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2b4a2ec5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a0"
              }
            ],
            "repeated": 0,
            "id": 2602
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4c8ff0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              },
              {
                "name": "ValueName",
                "value": "ServiceName"
              },
              {
                "name": "Data",
                "value": "UserManager"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\UserManager\\ServiceName"
              }
            ],
            "repeated": 0,
            "id": 2603
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              },
              {
                "name": "ValueName",
                "value": "ExplicitPsmActivationType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\UserManager\\ExplicitPsmActivationType"
              }
            ],
            "repeated": 0,
            "id": 2604
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07abb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2605
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2b41c0fc",
            "parentcaller": "0x7ffc2b4b4170",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000053c"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\UserManager\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 2606
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12756",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2b4a2ec5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a0"
              }
            ],
            "repeated": 0,
            "id": 2607
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2b4b7226",
            "parentcaller": "0x7ffc2b4bca23",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 2608
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07abc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2609
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07aa5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2610
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2b4a2ec5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 2611
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12756",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2b4a2ec5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              }
            ],
            "repeated": 0,
            "id": 2612
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2b4a2ec5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 2613
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4c8ff0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "Data",
                "value": "UserManager"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\Server"
              }
            ],
            "repeated": 0,
            "id": 2614
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2b4a2ec5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 2615
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4d00bb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 2616
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2b4322bf",
            "parentcaller": "0x7ffc2b4afbe4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ae"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{350E1244-4575-45EE-8595-0AA8C6506FC7}"
              },
              {
                "name": "Handle",
                "value": "0x00000536"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{350E1244-4575-45EE-8595-0AA8C6506FC7}"
              }
            ],
            "repeated": 0,
            "id": 2617
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 2618
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2b4afa51",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000536"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x0000053a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{350E1244-4575-45EE-8595-0AA8C6506FC7}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 2619
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 2620
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2b4afa8c",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{350E1244-4575-45EE-8595-0AA8C6506FC7}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2621
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4c2222",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 2622
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2623
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2624
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2625
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2c550cd1",
            "parentcaller": "0x7ffc2c54f28f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000534"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 2626
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2adc026b",
            "parentcaller": "0x7ffc2c550daf",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000538"
              }
            ],
            "repeated": 0,
            "id": 2627
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2d128cde",
            "parentcaller": "0x7ffc2d169c4e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\x96\\xe4\\x11\\x00\\x00\\x00\\x00\\x00\\xdb7\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00V\\xe4\\x11\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2628
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2d156e46",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "h\\x0e\\xa6\\x07+\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00A\\x00c\\x00t\\x00i\\x00v\\x00a\\x00t\\x00a\\x00b\\x00l\\x00e\\x00C\\x00l\\x00a\\x00s\\x00s\\x00I\\x00d\\x00\\x00\\x00l\\x00l\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2629
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2d156e9b",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xc9\\xab\\x07+\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2630
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2d156ec0",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2631
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f0e",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "Hg\\xa8\\x07+\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2632
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f37",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2633
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f8f",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "X\\xc3\\xab\\x07+\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9b6\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 2634
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2d157048",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X@j\\x14\\xfc\\x7f\\x00\\x00\\xebPB\\x14\\xfc\\x7f\\x00\\x00\\xf5\\x81\\x17\\xc4\\x8b\\x88\\x00\\x00(Nf\\x14\\xfc\\x7f\\x00\\x00\\xa0\\xda_\\x95P\\x00\\x00\\x00\\x98\\xda_\\x95P\\x00\\x00\\x00h\\xda_\\x95P\\x00\\x00\\x00\\x88\\xda_\\x95"
              }
            ],
            "repeated": 0,
            "id": 2635
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2d15707b",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xc3\\xab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd9\\xd8C\\x14\\xfc\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x88\\xd8_\\x95P\\x00\\x00\\x008\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x001\\xed\\xfb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x86\\xa2f\\x14"
              }
            ],
            "repeated": 0,
            "id": 2636
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2d128cde",
            "parentcaller": "0x7ffc2d12953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\x96\\xe4\\x11\\x00\\x00\\x00\\x00\\x00\\xdb7\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00V\\xe4\\x11\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2637
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2d156e46",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8\\x0c\\xa6\\x07+\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\xc0\\xa3c+\\xfc\\x7f\\x00\\x00i\\x00f\\x00i\\x00c\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x00P\\x00l\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00l\\x00"
              }
            ],
            "repeated": 0,
            "id": 2638
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2d156e9b",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": " \\xc1\\xab\\x07+\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2639
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2d156ec0",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2640
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f0e",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18j\\xa8\\x07+\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2641
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f37",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2642
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f8f",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "x\\xc4\\xab\\x07+\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9b6\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 2643
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2d157048",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X@j\\x14\\xfc\\x7f\\x00\\x00\\xebPB\\x14\\xfc\\x7f\\x00\\x00U\\x9d\\x17\\xc4\\x8b\\x88\\x00\\x00(Nf\\x14\\xfc\\x7f\\x00\\x00\\x00\\xd7_\\x95P\\x00\\x00\\x00\\xf8\\xd6_\\x95P\\x00\\x00\\x00\\xc8\\xd6_\\x95P\\x00\\x00\\x00\\xe8\\xd6_\\x95"
              }
            ],
            "repeated": 0,
            "id": 2644
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2d15707b",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xc4\\xab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd9\\xd8C\\x14\\xfc\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xe8\\xd4_\\x95P\\x00\\x00\\x008\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x001\\xed\\xfb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x86\\xa2f\\x14"
              }
            ],
            "repeated": 0,
            "id": 2645
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2c550e27",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 2646
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2c550e49",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              }
            ],
            "repeated": 0,
            "id": 2647
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2b426d2f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000538"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 2648
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2b4a2ec5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 2649
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2b4322bf",
            "parentcaller": "0x7ffc2b4afbe4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ae"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{01CF8BD4-E3D6-413D-8339-36D46E78D12C}"
              },
              {
                "name": "Handle",
                "value": "0x00000536"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{01CF8BD4-E3D6-413D-8339-36D46E78D12C}"
              }
            ],
            "repeated": 0,
            "id": 2650
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2b4afa51",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000536"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000532"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{01CF8BD4-E3D6-413D-8339-36D46E78D12C}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 2651
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2b4afa8c",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000532"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{01CF8BD4-E3D6-413D-8339-36D46E78D12C}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2652
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2b4afad3",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000532"
              }
            ],
            "repeated": 0,
            "id": 2653
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2b4afae4",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000536"
              }
            ],
            "repeated": 0,
            "id": 2654
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2655
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2656
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2d133f7a",
            "parentcaller": "0x7ffc2c550ed7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2657
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2c550cd1",
            "parentcaller": "0x7ffc2c54f28f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000534"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 2658
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2adc026b",
            "parentcaller": "0x7ffc2c550daf",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000530"
              }
            ],
            "repeated": 0,
            "id": 2659
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2d128cde",
            "parentcaller": "0x7ffc2d169c4e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\x96\\xe4\\x11\\x00\\x00\\x00\\x00\\x00\\xdb7\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00V\\xe4\\x11\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2660
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2d156e46",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "H{\\xa9\\x07+\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2661
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2d156e9b",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xc2\\xab\\x07+\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2662
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2d156ec0",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2663
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f0e",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8k\\xa8\\x07+\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2664
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f37",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2665
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f8f",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "x\\xc4\\xab\\x07+\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9b6\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 2666
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2d157048",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X@j\\x14\\xfc\\x7f\\x00\\x00\\xebPB\\x14\\xfc\\x7f\\x00\\x00\\xf5\\x81\\x17\\xc4\\x8b\\x88\\x00\\x00(Nf\\x14\\xfc\\x7f\\x00\\x00\\xa0\\xda_\\x95P\\x00\\x00\\x00\\x98\\xda_\\x95P\\x00\\x00\\x00h\\xda_\\x95P\\x00\\x00\\x00\\x88\\xda_\\x95"
              }
            ],
            "repeated": 0,
            "id": 2667
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2d15707b",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xc4\\xab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd9\\xd8C\\x14\\xfc\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x88\\xd8_\\x95P\\x00\\x00\\x000\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x001\\xed\\xfb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x86\\xa2f\\x14"
              }
            ],
            "repeated": 0,
            "id": 2668
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2d128cde",
            "parentcaller": "0x7ffc2d12953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\x96\\xe4\\x11\\x00\\x00\\x00\\x00\\x00\\xdb7\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00V\\xe4\\x11\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2669
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2d156e46",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "Xz\\xa9\\x07+\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2670
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2d156e9b",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "@\\x22b\\x07+\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2671
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2d156ec0",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2672
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f0e",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8h\\xa8\\x07+\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2673
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f37",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2674
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f8f",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\xc0\\xab\\x07+\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9b6\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 2675
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2d157048",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X@j\\x14\\xfc\\x7f\\x00\\x00\\xebPB\\x14\\xfc\\x7f\\x00\\x00U\\x9d\\x17\\xc4\\x8b\\x88\\x00\\x00(Nf\\x14\\xfc\\x7f\\x00\\x00\\x00\\xd7_\\x95P\\x00\\x00\\x00\\xf8\\xd6_\\x95P\\x00\\x00\\x00\\xc8\\xd6_\\x95P\\x00\\x00\\x00\\xe8\\xd6_\\x95"
              }
            ],
            "repeated": 0,
            "id": 2676
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2d15707b",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\xc0\\xab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd9\\xd8C\\x14\\xfc\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xe8\\xd4_\\x95P\\x00\\x00\\x000\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x001\\xed\\xfb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x86\\xa2f\\x14"
              }
            ],
            "repeated": 0,
            "id": 2677
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2c550e27",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 2678
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12792",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2c550e49",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              }
            ],
            "repeated": 0,
            "id": 2679
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2680
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2b4322bf",
            "parentcaller": "0x7ffc2b4afbe4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ae"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{252E7F79-ACFA-4EA2-9A7E-FA27A8A4D3D9}"
              },
              {
                "name": "Handle",
                "value": "0x00000536"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{252E7F79-ACFA-4EA2-9A7E-FA27A8A4D3D9}"
              }
            ],
            "repeated": 0,
            "id": 2681
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2b4afa51",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004ae"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000546"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{252E7F79-ACFA-4EA2-9A7E-FA27A8A4D3D9}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 2682
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afa51",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000536"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x0000054a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{252E7F79-ACFA-4EA2-9A7E-FA27A8A4D3D9}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 2683
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2b4afa8c",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{1BAC8681-2965-4FFC-92D1-170CA4099E01}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{252E7F79-ACFA-4EA2-9A7E-FA27A8A4D3D9}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2684
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2b4afad3",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              }
            ],
            "repeated": 0,
            "id": 2685
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2b4afae4",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ae"
              }
            ],
            "repeated": 0,
            "id": 2686
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afa8c",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000054a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{1BAC8681-2965-4FFC-92D1-170CA4099E01}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{252E7F79-ACFA-4EA2-9A7E-FA27A8A4D3D9}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2687
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afad3",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000054a"
              }
            ],
            "repeated": 0,
            "id": 2688
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afae4",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000536"
              }
            ],
            "repeated": 0,
            "id": 2689
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2b437b74",
            "parentcaller": "0x7ffc2b4353d4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000376"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}"
              },
              {
                "name": "Handle",
                "value": "0x000004ae"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}"
              }
            ],
            "repeated": 0,
            "id": 2690
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2ad845a7",
            "parentcaller": "0x7ffc2ad80705",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2691
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2b437b74",
            "parentcaller": "0x7ffc2b4353d4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000376"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}"
              },
              {
                "name": "Handle",
                "value": "0x00000536"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}"
              }
            ],
            "repeated": 0,
            "id": 2692
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 2693
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad845a7",
            "parentcaller": "0x7ffc2ad80705",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000536"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2694
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad825c4",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2695
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004ae"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 2696
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 2697
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2698
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad825c4",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000536"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2699
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad825e2",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000536"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 2700
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2b4c22e1",
            "parentcaller": "0x7ffc2b437c1d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000536"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2701
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b43870d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ae"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2702
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4381f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000536"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2703
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4387bc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ae"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "Windows.System.User.ProxyStubFactory"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2704
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000536"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2705
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2b438485",
            "parentcaller": "0x7ffc2b43829e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004ae"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000546"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 2706
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b43870d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 2707
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b43870d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2708
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2b438485",
            "parentcaller": "0x7ffc2b43829e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000536"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000054a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 2709
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b43870d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000054a"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 2710
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b43870d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000054a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2711
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2ad845a7",
            "parentcaller": "0x7ffc2ad80705",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2712
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2713
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2d126c8b",
            "parentcaller": "0x7ffc2ad823a0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xbb/\\x95P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00\\xae\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00P\\x00\\x00\\x00\\xb0\\xbc/\\x95P\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2714
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 2715
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad825c4",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2716
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2ad825e2",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004ae"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 2717
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2718
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2719
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2d126c8b",
            "parentcaller": "0x7ffc2ad823a0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xbb/\\x95P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00\\xae\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00P\\x00\\x00\\x00\\xb0\\xbc/\\x95P\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2720
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad825c4",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2721
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2ad825e2",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004ae"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 2722
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2b43855f",
            "parentcaller": "0x7ffc2b43829e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000054a"
              }
            ],
            "repeated": 0,
            "id": 2723
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad845a7",
            "parentcaller": "0x7ffc2ad80705",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000536"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2724
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000536"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2725
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2d126c8b",
            "parentcaller": "0x7ffc2ad823a0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xbd\\xef\\x94P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x006\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00P\\x00\\x00\\x00\\x10\\xbe\\xef\\x94P\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2726
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 2727
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad825e2",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000536"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 2728
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2ad845a7",
            "parentcaller": "0x7ffc2ad80705",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2729
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad845a7",
            "parentcaller": "0x7ffc2ad80705",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000536"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2730
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2d126c8b",
            "parentcaller": "0x7ffc2ad823a0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xb9/\\x95P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xae\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xba/\\x95P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2731
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000536"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2732
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 2733
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad825c4",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2734
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 2735
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2ad825e2",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004ae"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 2736
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad825e2",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000536"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 2737
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2b438010",
            "parentcaller": "0x7ffc2b4353d4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000536"
              }
            ],
            "repeated": 0,
            "id": 2738
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4381f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ae"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2739
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2740
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2741
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b43870d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ae"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2742
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000376"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}"
              },
              {
                "name": "Handle",
                "value": "0x00000536"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}"
              }
            ],
            "repeated": 0,
            "id": 2743
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad845a7",
            "parentcaller": "0x7ffc2ad80705",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000536"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2744
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000536"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2745
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2746
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 2747
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad825c4",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000536"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2748
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2d126c8b",
            "parentcaller": "0x7ffc2ad823a0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xb9/\\x95P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00\\xae\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00P\\x00\\x00\\x000\\xba/\\x95P\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2749
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad825e2",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000536"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 2750
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2ad825e2",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004ae"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 2751
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4381f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000536"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2752
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b43870d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2753
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b43870d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000536"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2754
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4387bc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\usermgrproxy.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2755
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4387bc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000536"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "Windows.System.User.ProxyStubFactory"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2756
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b438d32",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 2757
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2b43855f",
            "parentcaller": "0x7ffc2b43829e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              }
            ],
            "repeated": 0,
            "id": 2758
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2ad845a7",
            "parentcaller": "0x7ffc2ad80705",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2759
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2760
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2b438485",
            "parentcaller": "0x7ffc2b43829e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000536"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000054a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 2761
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2ad825e2",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004ae"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 2762
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b43870d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000054a"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 2763
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2764
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2d126c8b",
            "parentcaller": "0x7ffc2ad823a0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xb8/\\x95P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00\\xae\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00P\\x00\\x00\\x00p\\xb9/\\x95P\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2765
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 2766
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b43870d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000054a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2767
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2ad825e2",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004ae"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 2768
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4387bc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000054a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\usermgrproxy.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2769
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b43a825",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ae"
              },
              {
                "name": "ValueName",
                "value": "AppID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\AppID"
              }
            ],
            "repeated": 0,
            "id": 2770
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2ad845a7",
            "parentcaller": "0x7ffc2ad80705",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2771
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b438d32",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000054a"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 2772
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2773
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xb7/\\x95P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00\\xae\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00P\\x00\\x00\\x00\\xb0\\xb8/\\x95P\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2774
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2b43855f",
            "parentcaller": "0x7ffc2b43829e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000054a"
              }
            ],
            "repeated": 0,
            "id": 2775
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 2776
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad845a7",
            "parentcaller": "0x7ffc2ad80705",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000536"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2777
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad825c4",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ae"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2778
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000536"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2779
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12752",
            "caller": "0x7ffc2ad825e2",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004ae"
              },
              {
                "name": "ObjectAttributesName",
                "value": "LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 2780
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 2781
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad825c4",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000536"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2782
          },
          {
            "timestamp": "2026-05-28 21:41:49,488",
            "thread_id": "12716",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000536"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 2783
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000376"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 1,
            "id": 2784
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2b43ad16",
            "parentcaller": "0x7ffc2b4383b8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000376"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}"
              },
              {
                "name": "Handle",
                "value": "0x00000546"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}"
              }
            ],
            "repeated": 0,
            "id": 2785
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2ad825e2",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000548"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}"
              }
            ],
            "repeated": 0,
            "id": 2786
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2b43ad4d",
            "parentcaller": "0x7ffc2b4383b8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000546"
              },
              {
                "name": "SubKey",
                "value": "Elevation"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\Elevation"
              }
            ],
            "repeated": 0,
            "id": 2787
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2b43adb1",
            "parentcaller": "0x7ffc2b4383b8",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              }
            ],
            "repeated": 0,
            "id": 2788
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2b438010",
            "parentcaller": "0x7ffc2b4353d4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ae"
              }
            ],
            "repeated": 0,
            "id": 2789
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000054a"
              }
            ],
            "repeated": 0,
            "id": 2790
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2b438010",
            "parentcaller": "0x7ffc2b4353d4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000536"
              }
            ],
            "repeated": 0,
            "id": 2791
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2b4322bf",
            "parentcaller": "0x7ffc2b4325e9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ae"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}"
              },
              {
                "name": "Handle",
                "value": "0x000004ae"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}"
              }
            ],
            "repeated": 0,
            "id": 2792
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2b4322bf",
            "parentcaller": "0x7ffc2b4325e9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ae"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}"
              },
              {
                "name": "Handle",
                "value": "0x00000536"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}"
              }
            ],
            "repeated": 0,
            "id": 2793
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2b432160",
            "parentcaller": "0x7ffc2b429277",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ae"
              }
            ],
            "repeated": 0,
            "id": 2794
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2795
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2796
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000536"
              },
              {
                "name": "SubKey",
                "value": "TreatAs"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 2797
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2b432160",
            "parentcaller": "0x7ffc2b429277",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000536"
              }
            ],
            "repeated": 0,
            "id": 2798
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2799
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2800
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc2b456b6d",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\usermgrproxy"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc23800000"
              }
            ],
            "repeated": 0,
            "id": 2801
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc2b456b6d",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\usermgrproxy.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc23800000"
              }
            ],
            "repeated": 0,
            "id": 2802
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc2b456b6d",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc23800000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\usermgrproxy.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 2803
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2c581630",
            "parentcaller": "0x7ffc2c5812cd",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2804
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc2b456acf",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "usermgrproxy.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc23800000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2380c750"
              }
            ],
            "repeated": 0,
            "id": 2805
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc2b456ae8",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "usermgrproxy.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc23800000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2380a040"
              }
            ],
            "repeated": 0,
            "id": 2806
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc2b456b08",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "usermgrproxy.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc23800000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2380cee0"
              }
            ],
            "repeated": 0,
            "id": 2807
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2b4322bf",
            "parentcaller": "0x7ffc2b4afbe4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ae"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{100EB64B-B24C-4C38-8964-720D926D05A4}"
              },
              {
                "name": "Handle",
                "value": "0x00000546"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{100EB64B-B24C-4C38-8964-720D926D05A4}"
              }
            ],
            "repeated": 0,
            "id": 2808
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2b4322bf",
            "parentcaller": "0x7ffc2b4afbe4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ae"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{100EB64B-B24C-4C38-8964-720D926D05A4}"
              },
              {
                "name": "Handle",
                "value": "0x00000536"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{100EB64B-B24C-4C38-8964-720D926D05A4}"
              }
            ],
            "repeated": 0,
            "id": 2809
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afa51",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000546"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x0000054e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{100EB64B-B24C-4C38-8964-720D926D05A4}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 2810
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2b4afa8c",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000054a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{1BAC8681-2965-4FFC-92D1-170CA4099E01}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{100EB64B-B24C-4C38-8964-720D926D05A4}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2811
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2b4afad3",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000054a"
              }
            ],
            "repeated": 0,
            "id": 2812
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2b4afae4",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000536"
              }
            ],
            "repeated": 0,
            "id": 2813
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2814
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2815
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afa8c",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000054e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{1BAC8681-2965-4FFC-92D1-170CA4099E01}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{100EB64B-B24C-4C38-8964-720D926D05A4}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2816
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afad3",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000054e"
              }
            ],
            "repeated": 0,
            "id": 2817
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afae4",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              }
            ],
            "repeated": 0,
            "id": 2818
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b1dfa",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "99B29D3B-368A-4BE6-B675-805A69114497"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 2819
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc25451000"
              },
              {
                "name": "ModuleName",
                "value": "OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2820
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc25451000"
              },
              {
                "name": "ModuleName",
                "value": "OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2821
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2ad825e2",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\Interface\\{DF9A26C6-E746-4BCD-B5D4-120103C4209B}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Interface\\{DF9A26C6-E746-4BCD-B5D4-120103C4209B}"
              }
            ],
            "repeated": 0,
            "id": 2822
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2b4afa51",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000546"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x0000054e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{DF9A26C6-E746-4BCD-B5D4-120103C4209B}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 2823
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2b4afa8c",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000054e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{1BAC8681-2965-4FFC-92D1-170CA4099E01}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{DF9A26C6-E746-4BCD-B5D4-120103C4209B}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2824
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2b4afad3",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000054e"
              }
            ],
            "repeated": 0,
            "id": 2825
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2b4afae4",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              }
            ],
            "repeated": 0,
            "id": 2826
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2827
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2828
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc1700dc24",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              }
            ],
            "repeated": 0,
            "id": 2829
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc1700dc24",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000524"
              }
            ],
            "repeated": 0,
            "id": 2830
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 2831
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2ad854eb",
            "parentcaller": "0x7ffc1700c697",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2832
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2ad854eb",
            "parentcaller": "0x7ffc1700c717",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00l\\xa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2833
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc170016e6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 2834
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07aa8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2835
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 2836
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07abd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2837
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07abe000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2838
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2b4bdd9d",
            "parentcaller": "0x7ffc2b457428",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000388"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Internal.StateRepository.SecondaryTileView"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView"
              }
            ],
            "repeated": 0,
            "id": 2839
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2b4bddf7",
            "parentcaller": "0x7ffc2b457428",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "KeyInformation",
                "value": "\\xfffci\\x0e\\xffd4\\xffde\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00d\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00I\\x00n\\x00t\\x00e\\x00r\\x00n\\x00a\\x00l\\x00.\\x00S\\x00t\\x00a\\x00t\\x00e\\x00R\\x00e\\x00p\\x00o\\x00s\\x00i\\x00t\\x00o\\x00r\\x00y\\x00.\\x00S\\x00e\\x00c\\x00o\\x00n\\x00d\\x00a\\x00r\\x00y\\x00T\\x00i\\x00l\\x00e\\x00V\\x00i\\x00e\\x00w\\x00\\x00\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0Ep+\\xfffc\\x7f\\x00\\x00\\xfff8\\xffe4\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xffe6/\\xff95P\\x00\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\xffe0p\\xffab\\x07+\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\xffbf(\\xffcc\\xffe5\\x11\\xffbc\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff9e\\xffa9\\x07+\\x02\\x00\\x00\\xfff8\\xffe4\\xffa8\\x07+\\x02\\x00\\x00\\xffd0\\xffe4\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\xff9dD+\\xfffc\\x7f\\x00\\x00\\xffe0p\\xffab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffe4\\xffa8\\x07+\\x02\\x00\\x00\\xffe0p\\xffab\\x07+\\x02\\x00\\x00\\xff90\\xff9e\\xffa9\\x07+\\x02\\x00\\x00`\\x0e\\xffa6\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff6sD+\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff9e\\xffa9\\x07+\\x02\\x00\\x000\\xffef\\xffa5\\x07+\\x02\\x00\\x000\\xffef\\xffa5\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0p\\xffab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00
\\x00\\x00\\x00\\x00\\x00\\x000\\xffef\\xffa5\\x07+\\x02\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\xffe0p\\xffab\\x07+\\x02\\x00\\x00`\\x0e\\xffa6\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xffe7/\\xff95P\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffee\\xffa5\\x07+\\x02\\x00\\x00\\xffd0\\xffe4\\xffa8\\x07+\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2840
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2b4bdd9d",
            "parentcaller": "0x7ffc2b457428",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000530"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000388"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Internal.StateRepository.SecondaryTileView"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView"
              }
            ],
            "repeated": 0,
            "id": 2841
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2b4bddf7",
            "parentcaller": "0x7ffc2b457428",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000530"
              },
              {
                "name": "KeyInformation",
                "value": "\\xfffci\\x0e\\xffd4\\xffde\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00d\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00I\\x00n\\x00t\\x00e\\x00r\\x00n\\x00a\\x00l\\x00.\\x00S\\x00t\\x00a\\x00t\\x00e\\x00R\\x00e\\x00p\\x00o\\x00s\\x00i\\x00t\\x00o\\x00r\\x00y\\x00.\\x00S\\x00e\\x00c\\x00o\\x00n\\x00d\\x00a\\x00r\\x00y\\x00T\\x00i\\x00l\\x00e\\x00V\\x00i\\x00e\\x00w\\x00\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0Ep+\\xfffc\\x7f\\x00\\x00\\xfff8\\xffd7\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xffe7\\xffef\\xff94P\\x00\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\xffd0t\\xffab\\x07+\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\x1f.\\x0c\\xffe4\\x11\\xffbc\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff99\\xffa9\\x07+\\x02\\x00\\x00\\xfff8\\xffd7\\xffa8\\x07+\\x02\\x00\\x00\\xffd0\\xffd7\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\xff9dD+\\xfffc\\x7f\\x00\\x00\\xffd0t\\xffab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd7\\xffa8\\x07+\\x02\\x00\\x00\\xffd0t\\xffab\\x07+\\x02\\x00\\x00P\\xff99\\xffa9\\x07+\\x02\\x00\\x00\\xffd0|\\xffa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff6sD+\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff99\\xffa9\\x07+\\x02\\x00\\x00 \\xff95\\xffab\\x07+\\x02\\x00\\x00 
\\xff95\\xffab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0t\\xffab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xff95\\xffab\\x07+\\x02\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\xffd0t\\xffab\\x07+\\x02\\x00\\x00\\xffd0|\\xffa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xffe8\\xffef\\xff94P\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xff99\\xffab\\x07+\\x02\\x00\\x00\\xffd0\\xffd7\\xffa8\\x07+\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2842
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4c8ff0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "Data",
                "value": "StateRepository"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView\\Server"
              }
            ],
            "repeated": 0,
            "id": 2843
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4d00bb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 2844
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView\\Threading"
              }
            ],
            "repeated": 0,
            "id": 2845
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4c8ff0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 2846
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 2847
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 2848
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 2849
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 2850
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 2851
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2852
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2b4b7226",
            "parentcaller": "0x7ffc2b4bca23",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              }
            ],
            "repeated": 0,
            "id": 2853
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12792",
            "caller": "0x7ffc2d133f7a",
            "parentcaller": "0x7ffc2c550ed7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2854
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 2855
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 2856
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2ad83e41",
            "parentcaller": "0x7ffc2ae043b9",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 2857
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2858
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2b4b7226",
            "parentcaller": "0x7ffc2b4bca23",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 2859
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12792",
            "caller": "0x7ffc2b4bdd9d",
            "parentcaller": "0x7ffc2b457428",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000388"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Foundation.Collections.ValueSet"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet"
              }
            ],
            "repeated": 0,
            "id": 2860
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12792",
            "caller": "0x7ffc2b4bddf7",
            "parentcaller": "0x7ffc2b457428",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xfffc\\xffe7\\xffe6\\xfff8\\xffee\\xffdc\\x01\\x00\\x00\\x00\\x00N\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00F\\x00o\\x00u\\x00n\\x00d\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00C\\x00o\\x00l\\x00l\\x00e\\x00c\\x00t\\x00i\\x00o\\x00n\\x00s\\x00.\\x00V\\x00a\\x00l\\x00u\\x00e\\x00S\\x00e\\x00t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x006\\x00\\x00\\x00\\x00\\x00\\x00\\x00,\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0Ep+\\xfffc\\x7f\\x00\\x00x\\xffeb\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xffdc_\\xff95P\\x00\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\xffb0\\xff9b\\xffab\\x07+\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\xffaf\\x12\\xffbc\\xffe5\\x11\\xffbc\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff9e\\xffa9\\x07+\\x02\\x00\\x00x\\xffeb\\xffa8\\x07+\\x02\\x00\\x00P\\xffeb\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\xff9dD+\\xfffc\\x7f\\x00\\x00\\xffb0\\xff9b\\xffab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffeb\\xffa8\\x07+\\x02\\x00\\x00\\xffb0\\xff9b\\xffab\\x07+\\x02\\x00\\x00P\\xff9e\\xffa9\\x07+\\x02\\x00\\x00\\xfff0\\xfff5\\xffab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff6sD+\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff9e\\xffa9\\x07+\\x02\\x00\\x00\\xff80\\xff99\\xffab\\x07+\\x02\\x00\\x00\\xff80\\xff99\\xffab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0\\xff9b\\xffab\\x07+\\x02\\x00\\x00\\x0
0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xff99\\xffab\\x07+\\x02\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\xffb0\\xff9b\\xffab\\x07+\\x02\\x00\\x00\\xfff0\\xfff5\\xffab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xffdd_\\xff95P\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xff99\\xffab\\x07+\\x02\\x00\\x00P\\xffeb\\xffa8\\x07+\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2861
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12792",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 2862
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12792",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4c8ff0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\Server"
              }
            ],
            "repeated": 0,
            "id": 2863
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12792",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4d00bb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\WinTypes.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 2864
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12792",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\Threading"
              }
            ],
            "repeated": 0,
            "id": 2865
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12792",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 2866
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12792",
            "caller": "0x7ffc2b41c0fc",
            "parentcaller": "0x7ffc2b4b4170",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000544"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 2867
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2868
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12792",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 2869
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12792",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 2870
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12792",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 2871
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12792",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4c2222",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 2872
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12792",
            "caller": "0x7ffc2ad83e41",
            "parentcaller": "0x7ffc2ae043b9",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2873
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12792",
            "caller": "0x7ffc2b4b7226",
            "parentcaller": "0x7ffc2b4bca23",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 2874
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afa8c",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000556"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{b3f72108-5c5c-469b-a5e5-3f64d2a39b01}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2875
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2ad843a6",
            "parentcaller": "0x7ffc2b4afad3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000556"
              }
            ],
            "repeated": 0,
            "id": 2876
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afae4",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000552"
              }
            ],
            "repeated": 0,
            "id": 2877
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12792",
            "caller": "0x7ffc2b4bddf7",
            "parentcaller": "0x7ffc2b457428",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "KeyInformation",
                "value": "N\\xffc1\\xffec\\xffe6\\xfff8\\xffee\\xffdc\\x01\\x00\\x00\\x00\\x00D\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00t\\x00o\\x00r\\x00a\\x00g\\x00e\\x00.\\x00S\\x00t\\x00r\\x00e\\x00a\\x00m\\x00s\\x00.\\x00D\\x00a\\x00t\\x00a\\x00W\\x00r\\x00i\\x00t\\x00e\\x00r\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xfffc\\x7f\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0Ep+\\xfffc\\x7f\\x00\\x00x\\xffe0\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffdb_\\xff95P\\x00\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\xff90\\xff95\\xffab\\x07+\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\xff9f\\x12\\xffbc\\xffe5\\x11\\xffbc\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90X\\xffa6\\x07+\\x02\\x00\\x00x\\xffe0\\xffa8\\x07+\\x02\\x00\\x00P\\xffe0\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\xff9dD+\\xfffc\\x7f\\x00\\x00\\xff90\\xff95\\xffab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffe0\\xffa8\\x07+\\x02\\x00\\x00\\xff90\\xff95\\xffab\\x07+\\x02\\x00\\x00\\xff90X\\xffa6\\x07+\\x02\\x00\\x00\\xffe0\\xfff1\\xffab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff6sD+\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90X\\xffa6\\x07+\\x02\\x00\\x00\\xff80\\xff99\\xffab\\x07+\\x02\\x00\\x00\\xff80\\xff99\\xffab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xff95\\xf
fab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\xff99\\xffab\\x07+\\x02\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\xff90\\xff95\\xffab\\x07+\\x02\\x00\\x00\\xffe0\\xfff1\\xffab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffdc_\\xff95P\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xff91\\xffab\\x07+\\x02\\x00\\x00P\\xffe0\\xffa8\\x07+\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2878
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2879
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2880
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12792",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 2881
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12792",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4c8ff0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\Server"
              }
            ],
            "repeated": 0,
            "id": 2882
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12792",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4d00bb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\WinTypes.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 2883
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Application\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 2884
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12792",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\Threading"
              }
            ],
            "repeated": 0,
            "id": 2885
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4c8ff0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "Data",
                "value": "StateRepository"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Application\\Server"
              }
            ],
            "repeated": 0,
            "id": 2886
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4d00bb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Application\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 2887
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12792",
            "caller": "0x7ffc2b41c0fc",
            "parentcaller": "0x7ffc2b4b4170",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000544"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 2888
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12792",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4c8ff0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 2889
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12792",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 2890
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Application\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 2891
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12792",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 2892
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4c2222",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Application\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 2893
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12792",
            "caller": "0x7ffc2b4b7226",
            "parentcaller": "0x7ffc2b4bca23",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 2894
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Application\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2895
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2b4b7226",
            "parentcaller": "0x7ffc2b4bca23",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              }
            ],
            "repeated": 0,
            "id": 2896
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07aa9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2897
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 2898
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2b4322bf",
            "parentcaller": "0x7ffc2b4afbe4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ae"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{D81E96F1-A89C-417E-9335-59531026309D}"
              },
              {
                "name": "Handle",
                "value": "0x00000552"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{D81E96F1-A89C-417E-9335-59531026309D}"
              }
            ],
            "repeated": 0,
            "id": 2899
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afa51",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000552"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000556"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{d81e96f1-a89c-417e-9335-59531026309d}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 2900
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afa8c",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000556"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{d81e96f1-a89c-417e-9335-59531026309d}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2901
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2ad843a6",
            "parentcaller": "0x7ffc2b4afad3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000556"
              }
            ],
            "repeated": 0,
            "id": 2902
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afae4",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000552"
              }
            ],
            "repeated": 0,
            "id": 2903
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2904
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2905
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2906
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2b4322bf",
            "parentcaller": "0x7ffc2b4afbe4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ae"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{3BED20A5-6DEE-4297-B976-3B30DF69A7AA}"
              },
              {
                "name": "Handle",
                "value": "0x00000532"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{3BED20A5-6DEE-4297-B976-3B30DF69A7AA}"
              }
            ],
            "repeated": 0,
            "id": 2907
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afa51",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000552"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000556"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{3bed20a5-6dee-4297-b976-3b30df69a7aa}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 2908
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2b4afa51",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000532"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000536"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{3bed20a5-6dee-4297-b976-3b30df69a7aa}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 2909
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afa8c",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000556"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{3bed20a5-6dee-4297-b976-3b30df69a7aa}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2910
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2b4afa8c",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000536"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{3bed20a5-6dee-4297-b976-3b30df69a7aa}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2911
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afad3",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000556"
              }
            ],
            "repeated": 0,
            "id": 2912
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2b4afad3",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000536"
              }
            ],
            "repeated": 0,
            "id": 2913
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2b4afae4",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000532"
              }
            ],
            "repeated": 0,
            "id": 2914
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afae4",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000552"
              }
            ],
            "repeated": 0,
            "id": 2915
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2916
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2917
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12752",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07ac2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2918
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2919
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2920
          },
          {
            "timestamp": "2026-05-28 21:41:49,504",
            "thread_id": "12716",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07ac4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2921
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12792",
            "caller": "0x7ffc27001f48",
            "parentcaller": "0x7ffc270026b1",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2922
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12792",
            "caller": "0x7ffc2d137830",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1099f000"
              },
              {
                "name": "ModuleName",
                "value": "biwinrt.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2923
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12792",
            "caller": "0x7ffc2d137881",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1099f000"
              },
              {
                "name": "ModuleName",
                "value": "biwinrt.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2924
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12792",
            "caller": "0x7ffc2b4bdd9d",
            "parentcaller": "0x7ffc2b457428",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000550"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000388"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Storage.Streams.DataReader"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataReader"
              }
            ],
            "repeated": 0,
            "id": 2925
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12792",
            "caller": "0x7ffc2b4bddf7",
            "parentcaller": "0x7ffc2b457428",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000550"
              },
              {
                "name": "KeyInformation",
                "value": "N\\xffc1\\xffec\\xffe6\\xfff8\\xffee\\xffdc\\x01\\x00\\x00\\x00\\x00D\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00t\\x00o\\x00r\\x00a\\x00g\\x00e\\x00.\\x00S\\x00t\\x00r\\x00e\\x00a\\x00m\\x00s\\x00.\\x00D\\x00a\\x00t\\x00a\\x00R\\x00e\\x00a\\x00d\\x00e\\x00r\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\x00\\x00\\x00\\x005\\x00\\x00\\x00\\x00\\x00\\x00\\x00*\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0Ep+\\xfffc\\x7f\\x00\\x00\\xfff8\\xffea\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0\\xffd7_\\xff95P\\x00\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\xffe0\\xff9d\\xffab\\x07+\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00_\\x1e\\xffbc\\xffe5\\x11\\xffbc\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00P^\\xffa6\\x07+\\x02\\x00\\x00\\xfff8\\xffea\\xffa8\\x07+\\x02\\x00\\x00\\xffd0\\xffea\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\xff9dD+\\xfffc\\x7f\\x00\\x00\\xffe0\\xff9d\\xffab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffea\\xffa8\\x07+\\x02\\x00\\x00\\xffe0\\xff9d\\xffab\\x07+\\x02\\x00\\x00P^\\xffa6\\x07+\\x02\\x00\\x00\\xffb0\\xfff4\\xffab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff6sD+\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00P^\\xffa6\\x07+\\x02\\x00\\x00P\\xff97\\xffab\\x07+\\x02\\x00\\x00P\\xff97\\xffab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xff9d\\xffab\\x07+\\x02\\x0
0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xff97\\xffab\\x07+\\x02\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\xffe0\\xff9d\\xffab\\x07+\\x02\\x00\\x00\\xffb0\\xfff4\\xffab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0\\xffd8_\\xff95P\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xff93\\xffab\\x07+\\x02\\x00\\x00\\xffd0\\xffea\\xffa8\\x07+\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2926
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12752",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2927
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12792",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataReader\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 2928
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12792",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4c8ff0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataReader\\Server"
              }
            ],
            "repeated": 0,
            "id": 2929
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12792",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4d00bb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\WinTypes.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataReader\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 2930
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12792",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataReader\\Threading"
              }
            ],
            "repeated": 0,
            "id": 2931
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12716",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2932
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12792",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataReader\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 2933
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12792",
            "caller": "0x7ffc2b41c0fc",
            "parentcaller": "0x7ffc2b4b4170",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000550"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataReader\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 2934
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12792",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4c8ff0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataReader\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 2935
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12792",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataReader\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 2936
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12792",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataReader\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 2937
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12792",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataReader\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 2938
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12792",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4c2222",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataReader\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 2939
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12792",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataReader\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 2940
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12792",
            "caller": "0x7ffc2b4b7226",
            "parentcaller": "0x7ffc2b4bca23",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              }
            ],
            "repeated": 0,
            "id": 2941
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12792",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07b0a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2942
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12752",
            "caller": "0x7ffc2b4322bf",
            "parentcaller": "0x7ffc2b4afbe4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ae"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{7F290DA0-75E3-5885-898D-1F5B1ED47ED2}"
              },
              {
                "name": "Handle",
                "value": "0x00000546"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{7F290DA0-75E3-5885-898D-1F5B1ED47ED2}"
              }
            ],
            "repeated": 0,
            "id": 2943
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12716",
            "caller": "0x7ffc2b4322bf",
            "parentcaller": "0x7ffc2b4afbe4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ae"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{7F290DA0-75E3-5885-898D-1F5B1ED47ED2}"
              },
              {
                "name": "Handle",
                "value": "0x00000552"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{7F290DA0-75E3-5885-898D-1F5B1ED47ED2}"
              }
            ],
            "repeated": 0,
            "id": 2944
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12752",
            "caller": "0x7ffc2b4afa8c",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000532"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{7f290da0-75e3-5885-898d-1f5b1ed47ed2}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2945
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12752",
            "caller": "0x7ffc2b4afad3",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000532"
              }
            ],
            "repeated": 0,
            "id": 2946
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12752",
            "caller": "0x7ffc2b4afae4",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              }
            ],
            "repeated": 0,
            "id": 2947
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afa51",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000552"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000556"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{7f290da0-75e3-5885-898d-1f5b1ed47ed2}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 2948
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afa8c",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000556"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{7f290da0-75e3-5885-898d-1f5b1ed47ed2}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2949
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afad3",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000556"
              }
            ],
            "repeated": 0,
            "id": 2950
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afae4",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000552"
              }
            ],
            "repeated": 0,
            "id": 2951
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12752",
            "caller": "0x7ffc2b4322bf",
            "parentcaller": "0x7ffc2b4afbe4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ae"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{9ED07B24-36FD-543B-948E-B01FE5814B49}"
              },
              {
                "name": "Handle",
                "value": "0x00000546"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{9ED07B24-36FD-543B-948E-B01FE5814B49}"
              }
            ],
            "repeated": 0,
            "id": 2952
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12752",
            "caller": "0x7ffc2ad845a7",
            "parentcaller": "0x7ffc2ad80705",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Interface\\{9ed07b24-36fd-543b-948e-b01fe5814b49}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2953
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12752",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2954
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12752",
            "caller": "0x7ffc2d126c8b",
            "parentcaller": "0x7ffc2ad823a0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xda/\\x95P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00F\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00P\\x00\\x00\\x00\\xe0\\xdb/\\x95P\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2955
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12752",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\Interface\\{9ed07b24-36fd-543b-948e-b01fe5814b49}\\ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{9ed07b24-36fd-543b-948e-b01fe5814b49}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 2956
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12752",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad825c4",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000546"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2957
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12716",
            "caller": "0x7ffc2b4322bf",
            "parentcaller": "0x7ffc2b4afbe4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ae"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{9ED07B24-36FD-543B-948E-B01FE5814B49}"
              },
              {
                "name": "Handle",
                "value": "0x00000552"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{9ED07B24-36FD-543B-948E-B01FE5814B49}"
              }
            ],
            "repeated": 0,
            "id": 2958
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12752",
            "caller": "0x7ffc2b4afa8c",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000532"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{9ed07b24-36fd-543b-948e-b01fe5814b49}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2959
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12752",
            "caller": "0x7ffc2b4afad3",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000532"
              }
            ],
            "repeated": 0,
            "id": 2960
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12752",
            "caller": "0x7ffc2b4afae4",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              }
            ],
            "repeated": 0,
            "id": 2961
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12752",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2962
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12752",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2963
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afa51",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000552"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000556"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{9ed07b24-36fd-543b-948e-b01fe5814b49}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 2964
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12752",
            "caller": "0x7ffc2b4322bf",
            "parentcaller": "0x7ffc2b4afbe4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ae"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{EFE869FC-5841-55F1-AA56-82C7219AAA09}"
              },
              {
                "name": "Handle",
                "value": "0x0000055a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{EFE869FC-5841-55F1-AA56-82C7219AAA09}"
              }
            ],
            "repeated": 0,
            "id": 2965
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afa8c",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000556"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{9ed07b24-36fd-543b-948e-b01fe5814b49}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2966
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afad3",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000556"
              }
            ],
            "repeated": 0,
            "id": 2967
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afae4",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000552"
              }
            ],
            "repeated": 0,
            "id": 2968
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12752",
            "caller": "0x7ffc2b4afa51",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000055a"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x0000055e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{efe869fc-5841-55f1-aa56-82c7219aaa09}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 2969
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12716",
            "caller": "0x7ffc2b4322bf",
            "parentcaller": "0x7ffc2b4afbe4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ae"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{EFE869FC-5841-55F1-AA56-82C7219AAA09}"
              },
              {
                "name": "Handle",
                "value": "0x00000552"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{EFE869FC-5841-55F1-AA56-82C7219AAA09}"
              }
            ],
            "repeated": 0,
            "id": 2970
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12752",
            "caller": "0x7ffc2b4afa8c",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000055e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{efe869fc-5841-55f1-aa56-82c7219aaa09}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2971
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12752",
            "caller": "0x7ffc2b4afad3",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000055e"
              }
            ],
            "repeated": 0,
            "id": 2972
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12752",
            "caller": "0x7ffc2b4afae4",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000055a"
              }
            ],
            "repeated": 0,
            "id": 2973
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12752",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2974
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12752",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2975
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afa51",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000552"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000556"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{efe869fc-5841-55f1-aa56-82c7219aaa09}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 2976
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afa8c",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000556"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{efe869fc-5841-55f1-aa56-82c7219aaa09}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2977
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afad3",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000556"
              }
            ],
            "repeated": 0,
            "id": 2978
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afae4",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000552"
              }
            ],
            "repeated": 0,
            "id": 2979
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12752",
            "caller": "0x7ffc2adbebae",
            "parentcaller": "0x7ffc2b16712f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xfe\\x93P\\x00\\x00\\x00 0\\x00\\x00\\x00\\x00\\x00\\x00\\xd01\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "12752"
              }
            ],
            "repeated": 0,
            "id": 2980
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12716",
            "caller": "0x7ffc2adbebae",
            "parentcaller": "0x7ffc2b16712f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xfe\\x93P\\x00\\x00\\x00 0\\x00\\x00\\x00\\x00\\x00\\x00\\xac1\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "12716"
              }
            ],
            "repeated": 0,
            "id": 2981
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12792",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2b4a2ec5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              }
            ],
            "repeated": 2,
            "id": 2982
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12792",
            "caller": "0x7ffc2b4322bf",
            "parentcaller": "0x7ffc2b4afbe4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ae"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{2C08602F-40B1-5E97-AE21-5C04D7FB829C}"
              },
              {
                "name": "Handle",
                "value": "0x00000562"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{2C08602F-40B1-5E97-AE21-5C04D7FB829C}"
              }
            ],
            "repeated": 0,
            "id": 2983
          },
          {
            "timestamp": "2026-05-28 21:41:49,519",
            "thread_id": "12792",
            "caller": "0x7ffc2b4afa51",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000562"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000566"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{2C08602F-40B1-5E97-AE21-5C04D7FB829C}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 2984
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2b4afa8c",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000566"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{2C08602F-40B1-5E97-AE21-5C04D7FB829C}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2985
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2b4afad3",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000566"
              }
            ],
            "repeated": 0,
            "id": 2986
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2b4afae4",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000562"
              }
            ],
            "repeated": 0,
            "id": 2987
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2988
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2989
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d133f7a",
            "parentcaller": "0x7ffc2c550ed7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2990
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2c550cd1",
            "parentcaller": "0x7ffc2c54f28f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000560"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 2991
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2adc026b",
            "parentcaller": "0x7ffc2c550daf",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000564"
              }
            ],
            "repeated": 0,
            "id": 2992
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d128cde",
            "parentcaller": "0x7ffc2d169c4e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\x96\\xe4\\x11\\x00\\x00\\x00\\x00\\x00\\xdb7\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00V\\xe4\\x11\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2993
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d156e46",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xf2\\xab\\x07+\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2994
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d156e9b",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xcb\\xab\\x07+\\x02\\x00\\x00`\\x00\\x00\\x00\\xfc\\x7f\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\xc0\\x90\\xc2\\xab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2995
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d156ec0",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2996
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f0e",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8Q\\xac\\x07+\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2997
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f37",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2998
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f8f",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\xc0\\xab\\x07+\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9b6\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 2999
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d157048",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X@j\\x14\\xfc\\x7f\\x00\\x00\\xebPB\\x14\\xfc\\x7f\\x00\\x00\\xb5\\x9b\\x17\\xc4\\x8b\\x88\\x00\\x00(Nf\\x14\\xfc\\x7f\\x00\\x00\\xe0\\xd0_\\x95P\\x00\\x00\\x00\\xd8\\xd0_\\x95P\\x00\\x00\\x00\\xa8\\xd0_\\x95P\\x00\\x00\\x00\\xc8\\xd0_\\x95"
              }
            ],
            "repeated": 0,
            "id": 3000
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d15707b",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\xc0\\xab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd9\\xd8C\\x14\\xfc\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xc8\\xce_\\x95P\\x00\\x00\\x00d\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x001\\xed\\xfb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x86\\xa2f\\x14"
              }
            ],
            "repeated": 0,
            "id": 3001
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d128cde",
            "parentcaller": "0x7ffc2d12953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\x96\\xe4\\x11\\x00\\x00\\x00\\x00\\x00\\xdb7\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00V\\xe4\\x11\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3002
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d156e46",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8\\xf0\\xab\\x07+\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3003
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d156e9b",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xc5\\xab\\x07+\\x02\\x00\\x00`\\x00\\x00\\x00\\xfc\\x7f\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\xcfc+\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x0e\\x06'\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3004
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d156ec0",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3005
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f0e",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88S\\xac\\x07+\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3006
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f37",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3007
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f8f",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "X\\xc6\\xab\\x07+\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9b6\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 3008
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d157048",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X@j\\x14\\xfc\\x7f\\x00\\x00\\xebPB\\x14\\xfc\\x7f\\x00\\x00\\x15\\x97\\x17\\xc4\\x8b\\x88\\x00\\x00(Nf\\x14\\xfc\\x7f\\x00\\x00@\\xcd_\\x95P\\x00\\x00\\x008\\xcd_\\x95P\\x00\\x00\\x00\\x08\\xcd_\\x95P\\x00\\x00\\x00(\\xcd_\\x95"
              }
            ],
            "repeated": 0,
            "id": 3009
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d15707b",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xc6\\xab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd9\\xd8C\\x14\\xfc\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00(\\xcb_\\x95P\\x00\\x00\\x00d\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x001\\xed\\xfb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x86\\xa2f\\x14"
              }
            ],
            "repeated": 0,
            "id": 3010
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2c550e27",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              }
            ],
            "repeated": 0,
            "id": 3011
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2c550e49",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000564"
              }
            ],
            "repeated": 2,
            "id": 3012
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2b4322bf",
            "parentcaller": "0x7ffc2b4afbe4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ae"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{62AE0FDA-B238-554F-A275-1DC16D6CA03A}"
              },
              {
                "name": "Handle",
                "value": "0x00000566"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{62AE0FDA-B238-554F-A275-1DC16D6CA03A}"
              }
            ],
            "repeated": 0,
            "id": 3013
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2b4afa51",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000566"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000562"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{62AE0FDA-B238-554F-A275-1DC16D6CA03A}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 3014
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2b4afa8c",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000562"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{62AE0FDA-B238-554F-A275-1DC16D6CA03A}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 3015
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2b4afad3",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000562"
              }
            ],
            "repeated": 0,
            "id": 3016
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2b4afae4",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000566"
              }
            ],
            "repeated": 0,
            "id": 3017
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3018
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3019
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d133f7a",
            "parentcaller": "0x7ffc2c550ed7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3020
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2c550cd1",
            "parentcaller": "0x7ffc2c54f28f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000564"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 3021
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2adc026b",
            "parentcaller": "0x7ffc2c550daf",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000560"
              }
            ],
            "repeated": 0,
            "id": 3022
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d128cde",
            "parentcaller": "0x7ffc2d169c4e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\x96\\xe4\\x11\\x00\\x00\\x00\\x00\\x00\\xdb7\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00V\\xe4\\x11\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3023
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d156e46",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8\\xf2\\xab\\x07+\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3024
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d156e9b",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xc9\\xab\\x07+\\x02\\x00\\x00`\\x00\\x00\\x00\\x8396\\xd4\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\xeb\\x1c\\xc9\\x11\\x9f\\xe8\\x08\\x00+\\x10H`\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3025
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d156ec0",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3026
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f0e",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "hU\\xac\\x07+\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3027
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f37",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3028
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f8f",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "X\\xc6\\xab\\x07+\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9b6\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 3029
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d157048",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X@j\\x14\\xfc\\x7f\\x00\\x00\\xebPB\\x14\\xfc\\x7f\\x00\\x00\\xf5\\x81\\x17\\xc4\\x8b\\x88\\x00\\x00(Nf\\x14\\xfc\\x7f\\x00\\x00\\xa0\\xda_\\x95P\\x00\\x00\\x00\\x98\\xda_\\x95P\\x00\\x00\\x00h\\xda_\\x95P\\x00\\x00\\x00\\x88\\xda_\\x95"
              }
            ],
            "repeated": 0,
            "id": 3030
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d15707b",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xc6\\xab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd9\\xd8C\\x14\\xfc\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x88\\xd8_\\x95P\\x00\\x00\\x00`\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x001\\xed\\xfb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x86\\xa2f\\x14"
              }
            ],
            "repeated": 0,
            "id": 3031
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d128cde",
            "parentcaller": "0x7ffc2d12953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\x96\\xe4\\x11\\x00\\x00\\x00\\x00\\x00\\xdb7\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00V\\xe4\\x11\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3032
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d156e46",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8\\xf5\\xab\\x07+\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\xc0\\xa3c+\\xfc\\x7f\\x00\\x00t\\x00i\\x00v\\x00a\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00C\\x00l\\x00a\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3033
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d156e9b",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0*\\xa9\\x07+\\x02\\x00\\x00`\\x00\\x00\\x00\\x85\\x95\n\\xa8\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\xeb\\x1c\\xc9\\x11\\x9f\\xe8\\x08\\x00+\\x10H`\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3034
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d156ec0",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3035
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f0e",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8Q\\xac\\x07+\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3036
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f37",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3037
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f8f",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8-\\xa9\\x07+\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9b6\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 3038
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d157048",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X@j\\x14\\xfc\\x7f\\x00\\x00\\xebPB\\x14\\xfc\\x7f\\x00\\x00U\\x9d\\x17\\xc4\\x8b\\x88\\x00\\x00(Nf\\x14\\xfc\\x7f\\x00\\x00\\x00\\xd7_\\x95P\\x00\\x00\\x00\\xf8\\xd6_\\x95P\\x00\\x00\\x00\\xc8\\xd6_\\x95P\\x00\\x00\\x00\\xe8\\xd6_\\x95"
              }
            ],
            "repeated": 0,
            "id": 3039
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d15707b",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0-\\xa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd9\\xd8C\\x14\\xfc\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xe8\\xd4_\\x95P\\x00\\x00\\x00`\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x001\\xed\\xfb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x86\\xa2f\\x14"
              }
            ],
            "repeated": 0,
            "id": 3040
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2c550e27",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000564"
              }
            ],
            "repeated": 0,
            "id": 3041
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2c550e49",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              }
            ],
            "repeated": 1,
            "id": 3042
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2b4322bf",
            "parentcaller": "0x7ffc2b4afbe4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ae"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{8445D2AE-DD03-5B98-95E4-82B43A3F0D64}"
              },
              {
                "name": "Handle",
                "value": "0x00000562"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{8445D2AE-DD03-5B98-95E4-82B43A3F0D64}"
              }
            ],
            "repeated": 0,
            "id": 3043
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2b4afa51",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000562"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000552"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{8445D2AE-DD03-5B98-95E4-82B43A3F0D64}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 3044
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2b4afa8c",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000552"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{8445D2AE-DD03-5B98-95E4-82B43A3F0D64}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 3045
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2b4afad3",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000552"
              }
            ],
            "repeated": 0,
            "id": 3046
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2b4afae4",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000562"
              }
            ],
            "repeated": 0,
            "id": 3047
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3048
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3049
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d133f7a",
            "parentcaller": "0x7ffc2c550ed7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3050
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2c550cd1",
            "parentcaller": "0x7ffc2c54f28f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000560"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 3051
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2adc026b",
            "parentcaller": "0x7ffc2c550daf",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000550"
              }
            ],
            "repeated": 0,
            "id": 3052
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d128cde",
            "parentcaller": "0x7ffc2d169c4e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\x96\\xe4\\x11\\x00\\x00\\x00\\x00\\x00\\xdb7\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00V\\xe4\\x11\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3053
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d156e46",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\xf9\\xab\\x07+\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\xc0p\\x1c\\xa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3054
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d156e9b",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xc2\\xab\\x07+\\x02\\x00\\x00`\\x00\\x00\\x00\\xc6\\x1f+\\xb0\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\xeb\\x1c\\xc9\\x11\\x9f\\xe8\\x08\\x00+\\x10H`\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x89\\xa2\\x1dU\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3055
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d156ec0",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3056
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f0e",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8U\\xac\\x07+\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3057
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f37",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3058
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f8f",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\xc9\\xab\\x07+\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9b6\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 3059
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d157048",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X@j\\x14\\xfc\\x7f\\x00\\x00\\xebPB\\x14\\xfc\\x7f\\x00\\x00\\xb5\\x9b\\x17\\xc4\\x8b\\x88\\x00\\x00(Nf\\x14\\xfc\\x7f\\x00\\x00\\xe0\\xd0_\\x95P\\x00\\x00\\x00\\xd8\\xd0_\\x95P\\x00\\x00\\x00\\xa8\\xd0_\\x95P\\x00\\x00\\x00\\xc8\\xd0_\\x95"
              }
            ],
            "repeated": 0,
            "id": 3060
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d15707b",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\xc9\\xab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd9\\xd8C\\x14\\xfc\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xc8\\xce_\\x95P\\x00\\x00\\x00P\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x001\\xed\\xfb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x86\\xa2f\\x14"
              }
            ],
            "repeated": 0,
            "id": 3061
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d128cde",
            "parentcaller": "0x7ffc2d12953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\x96\\xe4\\x11\\x00\\x00\\x00\\x00\\x00\\xdb7\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00V\\xe4\\x11\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3062
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d156e46",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\xfa\\xab\\x07+\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x8d\\x1aR\\x89\\x87^R\\x0b\\x0b\\x10\\x00\\x00 0\\x00\\x00\\xa9\\x9ex\\xb1R\\xe8\\xd0\\x00LMEM0\\x00\\x00\\x00\\xf8\\xd9\\xd9\\x93P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3063
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d156e9b",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": " \\xc7\\xab\\x07+\\x02\\x00\\x00`\\x00\\x00\\x00\\xb9v;0\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\xeb\\x1c\\xc9\\x11\\x9f\\xe8\\x08\\x00+\\x10H`\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3064
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d156ec0",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3065
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f0e",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "xT\\xac\\x07+\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3066
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f37",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3067
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f8f",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "8\\xce\\xab\\x07+\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9b6\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 3068
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d157048",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X@j\\x14\\xfc\\x7f\\x00\\x00\\xebPB\\x14\\xfc\\x7f\\x00\\x00\\x15\\x97\\x17\\xc4\\x8b\\x88\\x00\\x00(Nf\\x14\\xfc\\x7f\\x00\\x00@\\xcd_\\x95P\\x00\\x00\\x008\\xcd_\\x95P\\x00\\x00\\x00\\x08\\xcd_\\x95P\\x00\\x00\\x00(\\xcd_\\x95"
              }
            ],
            "repeated": 0,
            "id": 3069
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d15707b",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xce\\xab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd9\\xd8C\\x14\\xfc\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00(\\xcb_\\x95P\\x00\\x00\\x00P\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x001\\xed\\xfb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x86\\xa2f\\x14"
              }
            ],
            "repeated": 0,
            "id": 3070
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2c550e27",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              }
            ],
            "repeated": 0,
            "id": 3071
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2c550e49",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              }
            ],
            "repeated": 2,
            "id": 3072
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2b4322bf",
            "parentcaller": "0x7ffc2b4afbe4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ae"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{9BCB843B-221B-5FBE-9B20-7028BC4E8653}"
              },
              {
                "name": "Handle",
                "value": "0x00000552"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{9BCB843B-221B-5FBE-9B20-7028BC4E8653}"
              }
            ],
            "repeated": 0,
            "id": 3073
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2b4afa51",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000552"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000562"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{9BCB843B-221B-5FBE-9B20-7028BC4E8653}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 3074
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2b4afa8c",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000562"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{9BCB843B-221B-5FBE-9B20-7028BC4E8653}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 3075
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2b4afad3",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000562"
              }
            ],
            "repeated": 0,
            "id": 3076
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2b4afae4",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000552"
              }
            ],
            "repeated": 0,
            "id": 3077
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3078
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3079
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d133f7a",
            "parentcaller": "0x7ffc2c550ed7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3080
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2c550cd1",
            "parentcaller": "0x7ffc2c54f28f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000550"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 3081
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2adc026b",
            "parentcaller": "0x7ffc2c550daf",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000560"
              }
            ],
            "repeated": 0,
            "id": 3082
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d128cde",
            "parentcaller": "0x7ffc2d169c4e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\x96\\xe4\\x11\\x00\\x00\\x00\\x00\\x00\\xdb7\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00V\\xe4\\x11\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3083
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d156e46",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xf2\\xab\\x07+\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3084
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d156e9b",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xce\\xab\\x07+\\x02\\x00\\x00`\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3085
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d156ec0",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3086
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f0e",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08R\\xac\\x07+\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3087
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f37",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3088
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f8f",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "x\\xcd\\xab\\x07+\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9b6\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 3089
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d157048",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X@j\\x14\\xfc\\x7f\\x00\\x00\\xebPB\\x14\\xfc\\x7f\\x00\\x00\\xb5\\x9b\\x17\\xc4\\x8b\\x88\\x00\\x00(Nf\\x14\\xfc\\x7f\\x00\\x00\\xe0\\xd0_\\x95P\\x00\\x00\\x00\\xd8\\xd0_\\x95P\\x00\\x00\\x00\\xa8\\xd0_\\x95P\\x00\\x00\\x00\\xc8\\xd0_\\x95"
              }
            ],
            "repeated": 0,
            "id": 3090
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d15707b",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xcd\\xab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd9\\xd8C\\x14\\xfc\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xc8\\xce_\\x95P\\x00\\x00\\x00`\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x001\\xed\\xfb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x86\\xa2f\\x14"
              }
            ],
            "repeated": 0,
            "id": 3091
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d128cde",
            "parentcaller": "0x7ffc2d12953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\x96\\xe4\\x11\\x00\\x00\\x00\\x00\\x00\\xdb7\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00V\\xe4\\x11\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3092
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d156e46",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8\\xf7\\xab\\x07+\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00A\\x00c\\x00t\\x00i\\x00v\\x00a\\x00t\\x00a\\x00b\\x00l\\x00e\\x00C\\x00l\\x00a\\x00s\\x00s\\x00I\\x00d\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3093
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d156e9b",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "`\\xcf\\xab\\x07+\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00F\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\xeb\\x1c\\xc9\\x11\\x9f\\xe8\\x08\\x00+\\x10H`\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3094
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d156ec0",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3095
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f0e",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8R\\xac\\x07+\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3096
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f37",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3097
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d156f8f",
            "parentcaller": "0x7ffc2d128d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\\xce\\xab\\x07+\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9b6\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 3098
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d157048",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X@j\\x14\\xfc\\x7f\\x00\\x00\\xebPB\\x14\\xfc\\x7f\\x00\\x00\\x15\\x97\\x17\\xc4\\x8b\\x88\\x00\\x00(Nf\\x14\\xfc\\x7f\\x00\\x00@\\xcd_\\x95P\\x00\\x00\\x008\\xcd_\\x95P\\x00\\x00\\x00\\x08\\xcd_\\x95P\\x00\\x00\\x00(\\xcd_\\x95"
              }
            ],
            "repeated": 0,
            "id": 3099
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2d15707b",
            "parentcaller": "0x7ffc2d156fa8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xce\\xab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd9\\xd8C\\x14\\xfc\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00(\\xcb_\\x95P\\x00\\x00\\x00`\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x001\\xed\\xfb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x86\\xa2f\\x14"
              }
            ],
            "repeated": 0,
            "id": 3100
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2c550e27",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              }
            ],
            "repeated": 0,
            "id": 3101
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2c550e49",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              }
            ],
            "repeated": 1,
            "id": 3102
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2b400000"
              },
              {
                "name": "FunctionName",
                "value": "WindowsGetStringRawBuffer"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2b452340"
              }
            ],
            "repeated": 0,
            "id": 3103
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2b4a2ec5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              }
            ],
            "repeated": 3,
            "id": 3104
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c000e4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3105
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00107000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3106
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00\\xe8\\x00\\x00\\x00\\x9b\\xb8\\x9d \\x00\\x00\\x00\\x00\\x18\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00-\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00}\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00p\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x001\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x07\\x00\\x00@\\x00\\x00\\x002\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "232"
              }
            ],
            "repeated": 0,
            "id": 3107
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12792",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2b4a2ec5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              }
            ],
            "repeated": 0,
            "id": 3108
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12680",
            "caller": "0x7ffc2ad85810",
            "parentcaller": "0x7ffbbfa6f3bb",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000103",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00p\\x00\\x00\\x00-\\xb9\\x9d \\x00\\x00\\x00\\x00\\x18\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x1f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x001\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00}\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "112"
              }
            ],
            "repeated": 0,
            "id": 3109
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12756",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2b4a2ec5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              }
            ],
            "repeated": 0,
            "id": 3110
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000564"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000388"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.UI.Shell.TaskbarManager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Shell.TaskbarManager"
              }
            ],
            "repeated": 0,
            "id": 3111
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000564"
              },
              {
                "name": "KeyInformation",
                "value": "N\\xffc1\\xffec\\xffe6\\xfff8\\xffee\\xffdc\\x01\\x00\\x00\\x00\\x00>\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00U\\x00I\\x00.\\x00S\\x00h\\x00e\\x00l\\x00l\\x00.\\x00T\\x00a\\x00s\\x00k\\x00b\\x00a\\x00r\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00,\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x17\\x00\\x00\\x00\\x00\\x00\\x00\\x00.\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0Ep+\\xfffc\\x7f\\x00\\x00\\xfff8\\xffdb\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xffcf\\xffd9\\xff93P\\x00\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00P\\xffc6\\xffab\\x07+\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\xffdf\\x07:\\xffe3\\x11\\xffbc\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10A\\xffac\\x07+\\x02\\x00\\x00\\xfff8\\xffdb\\xffa8\\x07+\\x02\\x00\\x00\\xffd0\\xffdb\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\xff9dD+\\xfffc\\x7f\\x00\\x00P\\xffc6\\xffab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffdb\\xffa8\\x07+\\x02\\x00\\x00P\\xffc6\\xffab\\x07+\\x02\\x00\\x00\\x10A\\xffac\\x07+\\x02\\x00\\x00\\x10\\xfff4\\xffab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff6sD+\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10A\\xffac\\x07+\\x02\\x00\\x00\\xffc07\\xffa9\\x07+\\x02\\x00\\x00\\xffc07\\xffa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffc6\\xffab\\x07+\\x02\\x00\
\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc07\\xffa9\\x07+\\x02\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00P\\xffc6\\xffab\\x07+\\x02\\x00\\x00\\x10\\xfff4\\xffab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xffd0\\xffd9\\xff93P\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0:\\xffa9\\x07+\\x02\\x00\\x00\\xffd0\\xffdb\\xffa8\\x07+\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3112
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000564"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Shell.TaskbarManager\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 3113
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000564"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Shell.TaskbarManager\\Server"
              }
            ],
            "repeated": 0,
            "id": 3114
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000564"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\wpnapps.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Shell.TaskbarManager\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 3115
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000564"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Shell.TaskbarManager\\Threading"
              }
            ],
            "repeated": 0,
            "id": 3116
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000564"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Shell.TaskbarManager\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 3117
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000564"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Shell.TaskbarManager\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 3118
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000564"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Shell.TaskbarManager\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 3119
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000564"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Shell.TaskbarManager\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 3120
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000564"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Shell.TaskbarManager\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 3121
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000564"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Shell.TaskbarManager\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 3122
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000564"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Shell.TaskbarManager\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 3123
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000564"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Shell.TaskbarManager\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 3124
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000564"
              }
            ],
            "repeated": 0,
            "id": 3125
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000564"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000388"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Internal.ApplicationModel.TaskbarPinnableSurface"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.TaskbarPinnableSurface"
              }
            ],
            "repeated": 0,
            "id": 3126
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000564"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xfffc\\xffe7\\xffe6\\xfff8\\xffee\\xffdc\\x01\\x00\\x00\\x00\\x00p\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00I\\x00n\\x00t\\x00e\\x00r\\x00n\\x00a\\x00l\\x00.\\x00A\\x00p\\x00p\\x00l\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00M\\x00o\\x00d\\x00e\\x00l\\x00.\\x00T\\x00a\\x00s\\x00k\\x00b\\x00a\\x00r\\x00P\\x00i\\x00n\\x00n\\x00a\\x00b\\x00l\\x00e\\x00S\\x00u\\x00r\\x00f\\x00a\\x00c\\x00e\\x00\\xffb0Ep+\\xfffc\\x7f\\x00\\x00\\xfff8\\xffd4\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xffcf\\xffd9\\xff93P\\x00\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\xff80\\x7f\\xffab\\x07+\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\xffaf\\x07:\\xffe3\\x11\\xffbc\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0@\\xffac\\x07+\\x02\\x00\\x00\\xfff8\\xffd4\\xffa8\\x07+\\x02\\x00\\x00\\xffd0\\xffd4\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\xff9dD+\\xfffc\\x7f\\x00\\x00\\xff80\\x7f\\xffab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd4\\xffa8\\x07+\\x02\\x00\\x00\\xff80\\x7f\\xffab\\x07+\\x02\\x00\\x00\\xffd0@\\xffac\\x07+\\x02\\x00\\x00\\xffe0\\xfff1\\xffab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff6sD+\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0@\\xffac\\x07+\\x02\\x00\\x00\\xffd0:\\xffa9\\x07+\\x02\\x00\\x00\\xffd0:\\xffa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x7f\\xffab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00
\\x00\\x00\\x00\\x00\\xffd0:\\xffa9\\x07+\\x02\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\xff80\\x7f\\xffab\\x07+\\x02\\x00\\x00\\xffe0\\xfff1\\xffab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xffd0\\xffd9\\xff93P\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x0008\\xffa9\\x07+\\x02\\x00\\x00\\xffd0\\xffd4\\xffa8\\x07+\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3127
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000564"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 3128
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000564"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\\Server"
              }
            ],
            "repeated": 0,
            "id": 3129
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000564"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\windows.internal.shell.broker.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 3130
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000564"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\\Threading"
              }
            ],
            "repeated": 0,
            "id": 3131
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000564"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 3132
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000564"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 3133
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000564"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 3134
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000564"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 3135
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000564"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 3136
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000564"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 3137
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000564"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 3138
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000564"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 3139
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000564"
              }
            ],
            "repeated": 0,
            "id": 3140
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\dxgi"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc29090000"
              }
            ],
            "repeated": 0,
            "id": 3141
          },
          {
            "timestamp": "2026-05-28 21:41:49,535",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\d3d11"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc26d70000"
              }
            ],
            "repeated": 0,
            "id": 3142
          },
          {
            "timestamp": "2026-05-28 21:41:49,551",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\WININET"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc1d2b0000"
              }
            ],
            "repeated": 0,
            "id": 3143
          },
          {
            "timestamp": "2026-05-28 21:41:49,551",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 26,
            "id": 3144
          },
          {
            "timestamp": "2026-05-28 21:41:49,551",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\windows.internal.shell.broker"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc10840000"
              }
            ],
            "repeated": 0,
            "id": 3145
          },
          {
            "timestamp": "2026-05-28 21:41:49,551",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "gdi32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2cb50000"
              }
            ],
            "repeated": 0,
            "id": 3146
          },
          {
            "timestamp": "2026-05-28 21:41:49,551",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3147
          },
          {
            "timestamp": "2026-05-28 21:41:49,551",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\windows.internal.shell.broker.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc10840000"
              }
            ],
            "repeated": 0,
            "id": 3148
          },
          {
            "timestamp": "2026-05-28 21:41:49,551",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc10840000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\windows.internal.shell.broker.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 3149
          },
          {
            "timestamp": "2026-05-28 21:41:49,551",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "windows.internal.shell.broker.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc10840000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc10881860"
              }
            ],
            "repeated": 0,
            "id": 3150
          },
          {
            "timestamp": "2026-05-28 21:41:49,551",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "windows.internal.shell.broker.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc10840000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc10862a90"
              }
            ],
            "repeated": 0,
            "id": 3151
          },
          {
            "timestamp": "2026-05-28 21:41:49,551",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "windows.internal.shell.broker.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc10840000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc108603b0"
              }
            ],
            "repeated": 0,
            "id": 3152
          },
          {
            "timestamp": "2026-05-28 21:41:49,551",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              }
            ],
            "repeated": 0,
            "id": 3153
          },
          {
            "timestamp": "2026-05-28 21:41:49,551",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d0f93b0"
              }
            ],
            "repeated": 0,
            "id": 3154
          },
          {
            "timestamp": "2026-05-28 21:41:49,551",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d18fc40"
              }
            ],
            "repeated": 0,
            "id": 3155
          },
          {
            "timestamp": "2026-05-28 21:41:49,551",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d132460"
              }
            ],
            "repeated": 0,
            "id": 3156
          },
          {
            "timestamp": "2026-05-28 21:41:49,551",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d16fa30"
              }
            ],
            "repeated": 0,
            "id": 3157
          },
          {
            "timestamp": "2026-05-28 21:41:49,551",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d14cbd0"
              }
            ],
            "repeated": 0,
            "id": 3158
          },
          {
            "timestamp": "2026-05-28 21:41:49,551",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d153410"
              }
            ],
            "repeated": 0,
            "id": 3159
          },
          {
            "timestamp": "2026-05-28 21:41:49,551",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:12320:304:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3160
          },
          {
            "timestamp": "2026-05-28 21:41:49,551",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3161
          },
          {
            "timestamp": "2026-05-28 21:41:49,551",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3162
          },
          {
            "timestamp": "2026-05-28 21:41:49,551",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3163
          },
          {
            "timestamp": "2026-05-28 21:41:49,551",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3164
          },
          {
            "timestamp": "2026-05-28 21:41:49,551",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000588"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3165
          },
          {
            "timestamp": "2026-05-28 21:41:49,551",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000588"
              }
            ],
            "repeated": 0,
            "id": 3166
          },
          {
            "timestamp": "2026-05-28 21:41:49,551",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              }
            ],
            "repeated": 0,
            "id": 3167
          },
          {
            "timestamp": "2026-05-28 21:41:49,551",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 3168
          },
          {
            "timestamp": "2026-05-28 21:41:49,551",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 3169
          },
          {
            "timestamp": "2026-05-28 21:41:49,551",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3170
          },
          {
            "timestamp": "2026-05-28 21:41:49,551",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "C2F03A33-21F5-47FA-B4BB-156362A2F239"
              },
              {
                "name": "ClsContext",
                "value": "0x00000004",
                "pretty_value": "CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "6D5140C1-7436-11CE-8034-00AA006009FA"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3171
          },
          {
            "timestamp": "2026-05-28 21:41:49,551",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3172
          },
          {
            "timestamp": "2026-05-28 21:41:49,551",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3173
          },
          {
            "timestamp": "2026-05-28 21:41:49,551",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3174
          },
          {
            "timestamp": "2026-05-28 21:41:49,551",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3175
          },
          {
            "timestamp": "2026-05-28 21:41:49,551",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ae"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{7E470A8A-3ACD-5913-AF64-4AB78355BE5F}"
              },
              {
                "name": "Handle",
                "value": "0x00000566"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{7E470A8A-3ACD-5913-AF64-4AB78355BE5F}"
              }
            ],
            "repeated": 0,
            "id": 3176
          },
          {
            "timestamp": "2026-05-28 21:41:49,551",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000566"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000556"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{7E470A8A-3ACD-5913-AF64-4AB78355BE5F}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 3177
          },
          {
            "timestamp": "2026-05-28 21:41:49,551",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000556"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{7E470A8A-3ACD-5913-AF64-4AB78355BE5F}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 3178
          },
          {
            "timestamp": "2026-05-28 21:41:49,551",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000556"
              }
            ],
            "repeated": 0,
            "id": 3179
          },
          {
            "timestamp": "2026-05-28 21:41:49,551",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000566"
              }
            ],
            "repeated": 0,
            "id": 3180
          },
          {
            "timestamp": "2026-05-28 21:41:49,551",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000376"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}"
              },
              {
                "name": "Handle",
                "value": "0x00000566"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}"
              }
            ],
            "repeated": 0,
            "id": 3181
          },
          {
            "timestamp": "2026-05-28 21:41:49,551",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000566"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3182
          },
          {
            "timestamp": "2026-05-28 21:41:49,551",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000566"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3183
          },
          {
            "timestamp": "2026-05-28 21:41:49,551",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xae\\xd9\\x93P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00f\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00P\\x00\\x00\\x000\\xaf\\xd9\\x93P\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3184
          },
          {
            "timestamp": "2026-05-28 21:41:49,551",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 3185
          },
          {
            "timestamp": "2026-05-28 21:41:49,551",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000566"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3186
          },
          {
            "timestamp": "2026-05-28 21:41:49,551",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000566"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 3187
          },
          {
            "timestamp": "2026-05-28 21:41:49,551",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000566"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3188
          },
          {
            "timestamp": "2026-05-28 21:41:49,551",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000566"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 3189
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000566"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 3190
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000566"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 3191
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000566"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000586"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 3192
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000586"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 3193
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000586"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 3194
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000586"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\PCShellCommonProxyStub.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 3195
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000586"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 3196
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000586"
              }
            ],
            "repeated": 0,
            "id": 3197
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000566"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3198
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000566"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3199
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xac\\xd9\\x93P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00f\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00P\\x00\\x00\\x00\\xc0\\xad\\xd9\\x93P\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3200
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 3201
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000566"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3202
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000566"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 3203
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000566"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3204
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000566"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3205
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xac\\xd9\\x93P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00f\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00P\\x00\\x00\\x00\\xc0\\xad\\xd9\\x93P\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3206
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 3207
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000566"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3208
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000566"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 3209
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000566"
              }
            ],
            "repeated": 0,
            "id": 3210
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3211
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3212
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000376"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}"
              },
              {
                "name": "Handle",
                "value": "0x00000566"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}"
              }
            ],
            "repeated": 0,
            "id": 3213
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000566"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3214
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000566"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3215
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xaa\\xd9\\x93P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00f\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00P\\x00\\x00\\x00\\xf0\\xab\\xd9\\x93P\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3216
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 3217
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000566"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3218
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000566"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 3219
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000566"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3220
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07ac8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3221
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07ac9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3222
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000566"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 3223
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000566"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 3224
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000566"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 3225
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000566"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000586"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 3226
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000586"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 3227
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000586"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 3228
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000586"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\PCShellCommonProxyStub.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 3229
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000586"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 3230
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000586"
              }
            ],
            "repeated": 0,
            "id": 3231
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000566"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3232
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000566"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3233
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xa9\\xd9\\x93P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00f\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00P\\x00\\x00\\x00\\x80\\xaa\\xd9\\x93P\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3234
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 3235
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000566"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3236
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000566"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 3237
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000566"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3238
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000566"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3239
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xa9\\xd9\\x93P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00f\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00P\\x00\\x00\\x00\\x80\\xaa\\xd9\\x93P\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3240
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 3241
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000566"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3242
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000566"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 3243
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000566"
              },
              {
                "name": "SubKey",
                "value": "LocalServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 3244
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000566"
              },
              {
                "name": "ValueName",
                "value": "AppID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\AppID"
              }
            ],
            "repeated": 0,
            "id": 3245
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000566"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3246
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000566"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3247
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xa8\\xd9\\x93P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00f\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00P\\x00\\x00\\x00\\xc0\\xa9\\xd9\\x93P\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3248
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 3249
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000566"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3250
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000566"
              },
              {
                "name": "ObjectAttributesName",
                "value": "LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 3251
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000376"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}"
              },
              {
                "name": "Handle",
                "value": "0x00000586"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}"
              }
            ],
            "repeated": 0,
            "id": 3252
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000586"
              },
              {
                "name": "SubKey",
                "value": "Elevation"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\Elevation"
              }
            ],
            "repeated": 0,
            "id": 3253
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000586"
              }
            ],
            "repeated": 0,
            "id": 3254
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000566"
              }
            ],
            "repeated": 0,
            "id": 3255
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ae"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}"
              },
              {
                "name": "Handle",
                "value": "0x00000566"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}"
              }
            ],
            "repeated": 0,
            "id": 3256
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000566"
              },
              {
                "name": "SubKey",
                "value": "TreatAs"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 3257
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000566"
              }
            ],
            "repeated": 0,
            "id": 3258
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3259
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3260
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\PCShellCommonProxyStub"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc11c60000"
              }
            ],
            "repeated": 0,
            "id": 3261
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\PCShellCommonProxyStub.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc11c60000"
              }
            ],
            "repeated": 0,
            "id": 3262
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc11c60000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\PCShellCommonProxyStub.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 3263
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "PCShellCommonProxyStub.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc11c60000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc11c61660"
              }
            ],
            "repeated": 0,
            "id": 3264
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "PCShellCommonProxyStub.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc11c60000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 3265
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "PCShellCommonProxyStub.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc11c60000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc11c616a0"
              }
            ],
            "repeated": 0,
            "id": 3266
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3267
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3268
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              }
            ],
            "repeated": 0,
            "id": 3269
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d0f93b0"
              }
            ],
            "repeated": 0,
            "id": 3270
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d18fc40"
              }
            ],
            "repeated": 0,
            "id": 3271
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d132460"
              }
            ],
            "repeated": 0,
            "id": 3272
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d16fa30"
              }
            ],
            "repeated": 0,
            "id": 3273
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d14cbd0"
              }
            ],
            "repeated": 0,
            "id": 3274
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d153410"
              }
            ],
            "repeated": 0,
            "id": 3275
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000554"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:12320:304:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3276
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000554"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3277
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3278
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000564"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3279
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3280
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3281
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              }
            ],
            "repeated": 0,
            "id": 3282
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000564"
              }
            ],
            "repeated": 0,
            "id": 3283
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000554"
              }
            ],
            "repeated": 0,
            "id": 3284
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000554"
              }
            ],
            "repeated": 0,
            "id": 3285
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3286
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00pR\\xaa\\x07+\\x02\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x10S\\xaa\\x07+\\x02\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x000S\\xaa\\x07+\\x02\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00DT\\xaa\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00XT\\xaa\\x07+\\x02\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00`T\\xaa\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80T\\xaa\\x07+\\x02\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\x88T\\xaa\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8T\\xaa\\x07+\\x02\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\x86\\x00\\x86\\x00\\x00\\x00\\x00\\x00`S\\xaa\\x07+\\x02\\x00\\x00\\x06\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\xe6S\\xaa\\x07+\\x02\\x00\\x00X\\x00X\\x00\\x00\\x00\\x00\\x00\\xecS\\xaa\\x07+\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3287
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000584"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000388"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.UI.StartScreen.StartScreenManager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.StartScreenManager"
              }
            ],
            "repeated": 0,
            "id": 3288
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000584"
              },
              {
                "name": "KeyInformation",
                "value": "N\\xffc1\\xffec\\xffe6\\xfff8\\xffee\\xffdc\\x01\\x00\\x00\\x00\\x00R\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00U\\x00I\\x00.\\x00S\\x00t\\x00a\\x00r\\x00t\\x00S\\x00c\\x00r\\x00e\\x00e\\x00n\\x00.\\x00S\\x00t\\x00a\\x00r\\x00t\\x00S\\x00c\\x00r\\x00e\\x00e\\x00n\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0Ep+\\xfffc\\x7f\\x00\\x00\\xfff8\\xffd3\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc7\\xffd9\\xff93P\\x00\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00P\\xffd7\\xffa8\\x07+\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\xff8f\\x0f:\\xffe3\\x11\\xffbc\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00PA\\xffac\\x07+\\x02\\x00\\x00\\xfff8\\xffd3\\xffa8\\x07+\\x02\\x00\\x00\\xffd0\\xffd3\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\xff9dD+\\xfffc\\x7f\\x00\\x00P\\xffd7\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd3\\xffa8\\x07+\\x02\\x00\\x00P\\xffd7\\xffa8\\x07+\\x02\\x00\\x00PA\\xffac\\x07+\\x02\\x00\\x00\\xffa0\\xfff5\\xffab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff6sD+\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00PA\\xffac\\x07+\\x02\\x00\\x00`\\xff9a\\xffab\\x07+\\x02\\x00\\x00`\\xff9a\\xffab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffd7\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\
\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xff9a\\xffab\\x07+\\x02\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00P\\xffd7\\xffa8\\x07+\\x02\\x00\\x00\\xffa0\\xfff5\\xffab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc8\\xffd9\\xff93P\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xff93\\xffab\\x07+\\x02\\x00\\x00\\xffd0\\xffd3\\xffa8\\x07+\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3289
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.StartScreenManager\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 3290
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.StartScreenManager\\Server"
              }
            ],
            "repeated": 0,
            "id": 3291
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\wpnapps.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.StartScreenManager\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 3292
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.StartScreenManager\\Threading"
              }
            ],
            "repeated": 0,
            "id": 3293
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.StartScreenManager\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 3294
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000584"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.StartScreenManager\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 3295
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.StartScreenManager\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 3296
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.StartScreenManager\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 3297
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.StartScreenManager\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 3298
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.StartScreenManager\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 3299
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.StartScreenManager\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 3300
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.StartScreenManager\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 3301
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              }
            ],
            "repeated": 0,
            "id": 3302
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12756",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07aca000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3303
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12756",
            "caller": "0x7ffc2d112caa",
            "parentcaller": "0x7ffc2d112fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07acb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3304
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000584"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000388"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.System.User"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User"
              }
            ],
            "repeated": 0,
            "id": 3305
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000584"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffd9E\\x04\\xffd4\\xffde\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00&\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00.\\x00U\\x00s\\x00e\\x00r\\x00\\x00\\x00\\xff88\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00,\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0Ep+\\xfffc\\x7f\\x00\\x00\\xfff8\\xffd3\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xffc6\\xffd9\\xff93P\\x00\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\xffd0\\xfff7\\xffab\\x07+\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00O\\x0f:\\xffe3\\x11\\xffbc\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10E\\xffac\\x07+\\x02\\x00\\x00\\xfff8\\xffd3\\xffa8\\x07+\\x02\\x00\\x00\\xffd0\\xffd3\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\xff9dD+\\xfffc\\x7f\\x00\\x00\\xffd0\\xfff7\\xffab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd3\\xffa8\\x07+\\x02\\x00\\x00\\xffd0\\xfff7\\xffab\\x07+\\x02\\x00\\x00\\x10E\\xffac\\x07+\\x02\\x00\\x00\\xffe0\\xfff1\\xffab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff6sD+\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10E\\xffac\\x07+\\x02\\x00\\x00\\xffd0\\xff93\\xffab\\x07+\\x02\\x00\\x00\\xffd0\\xff93\\xffab\\x07+\
\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xfff7\\xffab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xff93\\xffab\\x07+\\x02\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\xffd0\\xfff7\\xffab\\x07+\\x02\\x00\\x00\\xffe0\\xfff1\\xffab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xffc7\\xffd9\\xff93P\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xff9a\\xffab\\x07+\\x02\\x00\\x00\\xffd0\\xffd3\\xffa8\\x07+\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3306
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 3307
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "Data",
                "value": "UserManager"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User\\Server"
              }
            ],
            "repeated": 0,
            "id": 3308
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 3309
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User\\Threading"
              }
            ],
            "repeated": 0,
            "id": 3310
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 3311
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000584"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 3312
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 3313
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 3314
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 3315
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 3316
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x000000ea",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Type",
                "value": "0x5000000003"
              },
              {
                "name": "DataLength",
                "value": "184"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 3317
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Data",
                "value": "\\x01\\x00\\x14\\x80\\x9c\\x00\\x00\\x00\\xa8\\x00\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00l\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x1f\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x008\\x00\\x1f\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x00\\x00\\x14\\x00\\x1f\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00!\\x02\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 3318
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 3319
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              }
            ],
            "repeated": 0,
            "id": 3320
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3321
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3322
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3323
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ae"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{155EB23B-242A-45E0-A2E9-3171FC6A7FDD}"
              },
              {
                "name": "Handle",
                "value": "0x00000546"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{155EB23B-242A-45E0-A2E9-3171FC6A7FDD}"
              }
            ],
            "repeated": 0,
            "id": 3324
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000546"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000532"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{155EB23B-242A-45E0-A2E9-3171FC6A7FDD}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 3325
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000532"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{1BAC8681-2965-4FFC-92D1-170CA4099E01}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{155EB23B-242A-45E0-A2E9-3171FC6A7FDD}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 3326
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000532"
              }
            ],
            "repeated": 0,
            "id": 3327
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              }
            ],
            "repeated": 0,
            "id": 3328
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3329
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3330
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12748",
            "caller": "0x7ffc2b4322bf",
            "parentcaller": "0x7ffc2b4afbe4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ae"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{E44EA1DF-BB85-5A8C-BDDC-C8E960C355C9}"
              },
              {
                "name": "Handle",
                "value": "0x00000532"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{E44EA1DF-BB85-5A8C-BDDC-C8E960C355C9}"
              }
            ],
            "repeated": 0,
            "id": 3331
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12748",
            "caller": "0x7ffc2b4afa51",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000532"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000536"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{e44ea1df-bb85-5a8c-bddc-c8e960c355c9}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 3332
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12748",
            "caller": "0x7ffc2b4afa8c",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000536"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{1BAC8681-2965-4FFC-92D1-170CA4099E01}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{e44ea1df-bb85-5a8c-bddc-c8e960c355c9}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 3333
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12748",
            "caller": "0x7ffc2b4afad3",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000536"
              }
            ],
            "repeated": 0,
            "id": 3334
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12748",
            "caller": "0x7ffc2b4afae4",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000532"
              }
            ],
            "repeated": 0,
            "id": 3335
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12748",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3336
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12748",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3337
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 3338
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ae"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{8CBD762A-1222-5EE5-B745-489E7A42C6EC}"
              },
              {
                "name": "Handle",
                "value": "0x00000546"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{8CBD762A-1222-5EE5-B745-489E7A42C6EC}"
              }
            ],
            "repeated": 0,
            "id": 3339
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000546"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000586"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{8cbd762a-1222-5ee5-b745-489e7a42c6ec}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 3340
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000586"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{1BAC8681-2965-4FFC-92D1-170CA4099E01}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{8cbd762a-1222-5ee5-b745-489e7a42c6ec}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 3341
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000586"
              }
            ],
            "repeated": 0,
            "id": 3342
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              }
            ],
            "repeated": 0,
            "id": 3343
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3344
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3345
          },
          {
            "timestamp": "2026-05-28 21:41:49,566",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3346
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3347
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3348
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3349
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "99B29D3B-368A-4BE6-B675-805A69114497"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3350
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3351
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3352
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3353
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3354
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3355
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3356
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000388"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Internal.Tiles.TileStore"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.TileStore"
              }
            ],
            "repeated": 0,
            "id": 3357
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "KeyInformation",
                "value": "7_\\xffea\\xffe6\\xfff8\\xffee\\xffdc\\x01\\x00\\x00\\x00\\x00@\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00I\\x00n\\x00t\\x00e\\x00r\\x00n\\x00a\\x00l\\x00.\\x00T\\x00i\\x00l\\x00e\\x00s\\x00.\\x00T\\x00i\\x00l\\x00e\\x00S\\x00t\\x00o\\x00r\\x00e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfffc\\x7f\\x00\\x00\\x1f\\x00\\x00\\x00\\x00\\x00\\x00\\x00>\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0Ep+\\xfffc\\x7f\\x00\\x00\\xfff8\\xffdf\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xffc6\\xffd9\\xff93P\\x00\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00P\\x03\\xffa9\\x07+\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00?\\x0f:\\xffe3\\x11\\xffbc\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0M\\xffac\\x07+\\x02\\x00\\x00\\xfff8\\xffdf\\xffa8\\x07+\\x02\\x00\\x00\\xffd0\\xffdf\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\xff9dD+\\xfffc\\x7f\\x00\\x00P\\x03\\xffa9\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffdf\\xffa8\\x07+\\x02\\x00\\x00P\\x03\\xffa9\\x07+\\x02\\x00\\x00\\xffd0M\\xffac\\x07+\\x02\\x00\\x00\\x10\\xfff9\\xffab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff6sD+\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0M\\xffac\\x07+\\x02\\x00\\x00\\xffe0\\xffed\\xffa5\\x07+\\x02\\x00\\x00\\xffe0\\xffed\\xffa5\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x03\\xffa9\\x07+\\x02
\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xffed\\xffa5\\x07+\\x02\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00P\\x03\\xffa9\\x07+\\x02\\x00\\x00\\x10\\xfff9\\xffab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xffc7\\xffd9\\xff93P\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffe2\\xffa5\\x07+\\x02\\x00\\x00\\xffd0\\xffdf\\xffa8\\x07+\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3358
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.TileStore\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 3359
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.TileStore\\Server"
              }
            ],
            "repeated": 0,
            "id": 3360
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\TileDataRepository.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.TileStore\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 3361
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.TileStore\\Threading"
              }
            ],
            "repeated": 0,
            "id": 3362
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.TileStore\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 3363
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000544"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.TileStore\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 3364
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.TileStore\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 3365
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.TileStore\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 3366
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.TileStore\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 3367
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.TileStore\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 3368
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.TileStore\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 3369
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.TileStore\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 3370
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 3371
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3372
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3373
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3374
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3375
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3376
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3377
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3378
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3379
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3380
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3381
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3382
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3383
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3384
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3385
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " Q\\xac\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3386
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              }
            ],
            "repeated": 0,
            "id": 3387
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3388
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3389
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3390
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3391
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3392
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3393
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3394
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3395
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3396
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000548"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000388"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Internal.StateRepository.TileView"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.TileView"
              }
            ],
            "repeated": 0,
            "id": 3397
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000548"
              },
              {
                "name": "KeyInformation",
                "value": "\\xfffci\\x0e\\xffd4\\xffde\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00R\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00I\\x00n\\x00t\\x00e\\x00r\\x00n\\x00a\\x00l\\x00.\\x00S\\x00t\\x00a\\x00t\\x00e\\x00R\\x00e\\x00p\\x00o\\x00s\\x00i\\x00t\\x00o\\x00r\\x00y\\x00.\\x00T\\x00i\\x00l\\x00e\\x00V\\x00i\\x00e\\x00w\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfffc\\x7f\\x00\\x00'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0Ep+\\xfffc\\x7f\\x00\\x00\\xfff8\\xffe3\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xffc2\\xffd9\\xff93P\\x00\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\xffd0\\xffd3\\xffa8\\x07+\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\xffeft:\\xffe3\\x11\\xffbc\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90N\\xffac\\x07+\\x02\\x00\\x00\\xfff8\\xffe3\\xffa8\\x07+\\x02\\x00\\x00\\xffd0\\xffe3\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\xff9dD+\\xfffc\\x7f\\x00\\x00\\xffd0\\xffd3\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffe3\\xffa8\\x07+\\x02\\x00\\x00\\xffd0\\xffd3\\xffa8\\x07+\\x02\\x00\\x00\\xff90N\\xffac\\x07+\\x02\\x00\\x00\\xffc0\\xfff8\\xffab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff6sD+\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90N\\xffac\\x07+\\x02\\x00\\x00\\xffa0\\xff91\\xffab\\x07+\\x02\\x00\\x00\\xffa0\\xff91\\xffab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd3\\xffa8\\x07+\\x02\\x0
0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xff91\\xffab\\x07+\\x02\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\xffd0\\xffd3\\xffa8\\x07+\\x02\\x00\\x00\\xffc0\\xfff8\\xffab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xffc3\\xffd9\\xff93P\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa01\\xffa9\\x07+\\x02\\x00\\x00\\xffd0\\xffe3\\xffa8\\x07+\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3398
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.TileView\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 3399
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "Data",
                "value": "StateRepository"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.TileView\\Server"
              }
            ],
            "repeated": 0,
            "id": 3400
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.TileView\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 3401
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.TileView\\Threading"
              }
            ],
            "repeated": 0,
            "id": 3402
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.TileView\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 3403
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000548"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.TileView\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 3404
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.TileView\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 3405
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.TileView\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 3406
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.TileView\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 3407
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.TileView\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 3408
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.TileView\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 3409
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.TileView\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 3410
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              }
            ],
            "repeated": 0,
            "id": 3411
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3412
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3413
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3414
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ae"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{6D3BC882-23A4-4706-B8FA-FC7DE2FC325D}"
              },
              {
                "name": "Handle",
                "value": "0x00000546"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{6D3BC882-23A4-4706-B8FA-FC7DE2FC325D}"
              }
            ],
            "repeated": 0,
            "id": 3415
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000546"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000586"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{6d3bc882-23a4-4706-b8fa-fc7de2fc325d}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 3416
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000586"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{6d3bc882-23a4-4706-b8fa-fc7de2fc325d}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 3417
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000586"
              }
            ],
            "repeated": 0,
            "id": 3418
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000546"
              }
            ],
            "repeated": 0,
            "id": 3419
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3420
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3421
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\PinnableSurfaces"
              },
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\PinnableSurfaces"
              }
            ],
            "repeated": 0,
            "id": 3422
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07acc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3423
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "DefaultStart"
              },
              {
                "name": "Data",
                "value": "Windows.Internal.ApplicationModel.StartPinnableSurface"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\PinnableSurfaces\\DefaultStart"
              }
            ],
            "repeated": 0,
            "id": 3424
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 3425
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "ApplicationService:30201dceeeac8522a1b"
              }
            ],
            "repeated": 0,
            "id": 3426
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000544"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b108e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x5093d9cd40"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3427
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b0c300000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3428
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b0c302000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3429
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b0c303000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3430
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b108e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3431
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 3432
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b0c302000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3433
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:12320:120:WilError_03"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3434
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3435
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3436
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3437
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3438
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000588"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3439
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000588"
              }
            ],
            "repeated": 0,
            "id": 3440
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              }
            ],
            "repeated": 0,
            "id": 3441
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 3442
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 3443
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000388"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Internal.ApplicationModel.StartPinnableSurface"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.StartPinnableSurface"
              }
            ],
            "repeated": 0,
            "id": 3444
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xfffc\\xffe7\\xffe6\\xfff8\\xffee\\xffdc\\x01\\x00\\x00\\x00\\x00l\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00I\\x00n\\x00t\\x00e\\x00r\\x00n\\x00a\\x00l\\x00.\\x00A\\x00p\\x00p\\x00l\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00M\\x00o\\x00d\\x00e\\x00l\\x00.\\x00S\\x00t\\x00a\\x00r\\x00t\\x00P\\x00i\\x00n\\x00n\\x00a\\x00b\\x00l\\x00e\\x00S\\x00u\\x00r\\x00f\\x00a\\x00c\\x00e\\x00\\x00\\x00\\x00\\x00\\xffb0Ep+\\xfffc\\x7f\\x00\\x00\\xfff8\\xffd3\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffc5\\xffd9\\xff93P\\x00\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\xffe0\\xff8b\\xffab\\x07+\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\xff9f\\x08:\\xffe3\\x11\\xffbc\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xff90\\xffa9\\x07+\\x02\\x00\\x00\\xfff8\\xffd3\\xffa8\\x07+\\x02\\x00\\x00\\xffd0\\xffd3\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\xff9dD+\\xfffc\\x7f\\x00\\x00\\xffe0\\xff8b\\xffab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffd3\\xffa8\\x07+\\x02\\x00\\x00\\xffe0\\xff8b\\xffab\\x07+\\x02\\x00\\x00\\xffd0\\xff90\\xffa9\\x07+\\x02\\x00\\x00\\xffc0\\xfff8\\xffab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff6sD+\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xff90\\xffa9\\x07+\\x02\\x00\\x00p\\xff9d\\xffab\\x07+\\x02\\x00\\x00p\\xff9d\\xffab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xff8b\\xffab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00
\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xff9d\\xffab\\x07+\\x02\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\xffe0\\xff8b\\xffab\\x07+\\x02\\x00\\x00\\xffc0\\xfff8\\xffab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffc6\\xffd9\\xff93P\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff96\\xffab\\x07+\\x02\\x00\\x00\\xffd0\\xffd3\\xffa8\\x07+\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3445
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.StartPinnableSurface\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 3446
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.StartPinnableSurface\\Server"
              }
            ],
            "repeated": 0,
            "id": 3447
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\StartTileData.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.StartPinnableSurface\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 3448
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.StartPinnableSurface\\Threading"
              }
            ],
            "repeated": 0,
            "id": 3449
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.StartPinnableSurface\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 3450
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000544"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.StartPinnableSurface\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 3451
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.StartPinnableSurface\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 3452
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.StartPinnableSurface\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 3453
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.StartPinnableSurface\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 3454
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.StartPinnableSurface\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 3455
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.StartPinnableSurface\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 3456
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.StartPinnableSurface\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 3457
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 3458
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\USERENV"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a6c0000"
              }
            ],
            "repeated": 0,
            "id": 3459
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\Wldp"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a140000"
              }
            ],
            "repeated": 0,
            "id": 3460
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\windows.storage"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc288b0000"
              }
            ],
            "repeated": 0,
            "id": 3461
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\Bcp47Langs"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc20480000"
              }
            ],
            "repeated": 0,
            "id": 3462
          },
          {
            "timestamp": "2026-05-28 21:41:49,582",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\StartTileData"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc16a70000"
              }
            ],
            "repeated": 0,
            "id": 3463
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\StartTileData.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc16a70000"
              }
            ],
            "repeated": 0,
            "id": 3464
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc16a70000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\StartTileData.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 3465
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "StartTileData.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc16a70000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc16b47f30"
              }
            ],
            "repeated": 0,
            "id": 3466
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "StartTileData.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc16a70000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc16b22270"
              }
            ],
            "repeated": 0,
            "id": 3467
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "StartTileData.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc16a70000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc16b3a890"
              }
            ],
            "repeated": 0,
            "id": 3468
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000a"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005b8"
              }
            ],
            "repeated": 0,
            "id": 3469
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b8"
              }
            ],
            "repeated": 0,
            "id": 3470
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "0x80000000"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\SecurityManager\\AdminCapabilities"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SecurityManager\\AdminCapabilities"
              }
            ],
            "repeated": 0,
            "id": 3471
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b8"
              },
              {
                "name": "ValueName",
                "value": "shellExperience"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\AdminCapabilities\\shellExperience"
              }
            ],
            "repeated": 0,
            "id": 3472
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xca\\xd9\\x93P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00 \\x02\\x00\\x00\\xd0\\x81<%\\x1e2\\x005\\xb7x)\\x13I=\\x97*\\xee\\xce'\\xd6\\x97\\xec#0mJQa\\x00\\x00\\x18\\x00\\x01\\x00\\x00\\x00\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3473
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b8"
              }
            ],
            "repeated": 0,
            "id": 3474
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005bc"
              }
            ],
            "repeated": 0,
            "id": 3475
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              }
            ],
            "repeated": 0,
            "id": 3476
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d0f93b0"
              }
            ],
            "repeated": 0,
            "id": 3477
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d18fc40"
              }
            ],
            "repeated": 0,
            "id": 3478
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d132460"
              }
            ],
            "repeated": 0,
            "id": 3479
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d16fa30"
              }
            ],
            "repeated": 0,
            "id": 3480
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d14cbd0"
              }
            ],
            "repeated": 0,
            "id": 3481
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d153410"
              }
            ],
            "repeated": 0,
            "id": 3482
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005bc"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:12320:304:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3483
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005bc"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3484
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3485
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3486
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3487
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3488
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c4"
              }
            ],
            "repeated": 0,
            "id": 3489
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 3490
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005bc"
              }
            ],
            "repeated": 0,
            "id": 3491
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005bc"
              }
            ],
            "repeated": 0,
            "id": 3492
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00p\\x00\\x00\\x00)\\xbc\\x9e \\x00\\x00\\x00\\x00\\x18\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x1d\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00/\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00{\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "112"
              }
            ],
            "repeated": 0,
            "id": 3493
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3494
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3495
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3496
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3497
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3498
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3499
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3500
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3501
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3502
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "C2F03A33-21F5-47FA-B4BB-156362A2F239"
              },
              {
                "name": "ClsContext",
                "value": "0x00000004",
                "pretty_value": "CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "6D5140C1-7436-11CE-8034-00AA006009FA"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3503
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3504
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3505
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3506
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3507
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3508
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xe0r\\xaa\\x07+\\x02\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x80s\\xaa\\x07+\\x02\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0s\\xaa\\x07+\\x02\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xb4t\\xaa\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc8t\\xaa\\x07+\\x02\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xd0t\\xaa\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0t\\xaa\\x07+\\x02\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xf8t\\xaa\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18u\\xaa\\x07+\\x02\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\x86\\x00\\x86\\x00\\x00\\x00\\x00\\x00\\xd0s\\xaa\\x07+\\x02\\x00\\x00\\x06\\x00\\x06\\x00\\x00\\x00\\x00\\x00Vt\\xaa\\x07+\\x02\\x00\\x00X\\x00X\\x00\\x00\\x00\\x00\\x00\\t\\xaa\\x07+\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3509
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12756",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2b4a2ec5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              }
            ],
            "repeated": 0,
            "id": 3510
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07aaa000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3511
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3512
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3513
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3514
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 3515
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3516
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3517
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3518
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3519
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "99B29D3B-368A-4BE6-B675-805A69114497"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3520
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3521
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3522
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3523
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3524
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3525
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3526
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3527
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3528
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3529
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3530
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3531
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3532
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3533
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3534
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3535
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3536
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3537
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3538
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3539
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3540
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90l\\xa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00COL\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3541
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 3542
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3543
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3544
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3545
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3546
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3547
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3548
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3549
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3550
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3551
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3552
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3553
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3554
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07ae1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3555
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07ae2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3556
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\PinnableSurfaces"
              },
              {
                "name": "Handle",
                "value": "0x000005c4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\PinnableSurfaces"
              }
            ],
            "repeated": 0,
            "id": 3557
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c4"
              },
              {
                "name": "ValueName",
                "value": "DefaultStart"
              },
              {
                "name": "Data",
                "value": "Windows.Internal.ApplicationModel.StartPinnableSurface"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\PinnableSurfaces\\DefaultStart"
              }
            ],
            "repeated": 0,
            "id": 3558
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c4"
              }
            ],
            "repeated": 0,
            "id": 3559
          },
          {
            "timestamp": "2026-05-28 21:41:49,598",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "ApplicationService:30201dceeeac8522a1b"
              }
            ],
            "repeated": 0,
            "id": 3560
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b108e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x5093d9cd40"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3561
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b0c302000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3562
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b0c303000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3563
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b108e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3564
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c4"
              }
            ],
            "repeated": 0,
            "id": 3565
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b0c302000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3566
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000a"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005c4"
              }
            ],
            "repeated": 0,
            "id": 3567
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c4"
              }
            ],
            "repeated": 0,
            "id": 3568
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "0x80000000"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\SecurityManager\\AdminCapabilities"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SecurityManager\\AdminCapabilities"
              }
            ],
            "repeated": 0,
            "id": 3569
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c4"
              },
              {
                "name": "ValueName",
                "value": "shellExperience"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\AdminCapabilities\\shellExperience"
              }
            ],
            "repeated": 0,
            "id": 3570
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xca\\xd9\\x93P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00 \\x02\\x00\\x00\\xd0\\x81<%\\x1e2\\x005\\xb7x)\\x13I=\\x97*\\xee\\xce'\\xd6\\x97\\xec#0mJQa\\x00\\x00\\x18\\x00\\x01\\x00\\x00\\x00\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3571
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c4"
              }
            ],
            "repeated": 0,
            "id": 3572
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 3573
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00p\\x00\\x00\\x00\\xc9\\xdd\\x9e \\x00\\x00\\x00\\x00\\x18\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00/\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00{\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "112"
              }
            ],
            "repeated": 0,
            "id": 3574
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3575
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3576
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3577
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3578
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3579
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3580
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3581
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3582
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00p\\x00\\x00\\x00\\xeb\\xe0\\x9e \\x00\\x00\\x00\\x00\\x18\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x1f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x001\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00{\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "112"
              }
            ],
            "repeated": 0,
            "id": 3583
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00p\\x00\\x00\\x00\\xe5\\xe1\\x9e \\x00\\x00\\x00\\x00\\x18\\x00\\x14\\x00\\x00\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00+\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00}\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "112"
              }
            ],
            "repeated": 0,
            "id": 3584
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3585
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e0"
              },
              {
                "name": "Milliseconds",
                "value": "5000"
              }
            ],
            "repeated": 0,
            "id": 3586
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12680",
            "caller": "0x7ffc2ad85810",
            "parentcaller": "0x7ffbbfa6f3bb",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000103",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00p\\x00\\x00\\x00u\\xe2\\x9e \\x00\\x00\\x00\\x00\\x18\\x00\\x14\\x00\\x00\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00+\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00}\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "112"
              }
            ],
            "repeated": 0,
            "id": 3587
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00p\\x00\\x00\\x00%\\xe3\\x9e \\x00\\x00\\x00\\x00\\x18\\x00\\x14\\x00\\x00\\x00\\x00\\x00!\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00+\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00{\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "112"
              }
            ],
            "repeated": 0,
            "id": 3588
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12756",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2b4a2ec5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              }
            ],
            "repeated": 7,
            "id": 3589
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12756",
            "caller": "0x7ffc2ad808ee",
            "parentcaller": "0x7ffc2b4c8bd7",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000053c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "12320"
              }
            ],
            "repeated": 0,
            "id": 3590
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12756",
            "caller": "0x7ffc2adc026b",
            "parentcaller": "0x7ffc2ad8cbb0",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000053c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 3591
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12756",
            "caller": "0x7ffc2ad8aa1f",
            "parentcaller": "0x7ffc2ad8cb7c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3592
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12756",
            "caller": "0x7ffc2ad8aaa8",
            "parentcaller": "0x7ffc2ad8cb7c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xe0r\\xaa\\x07+\\x02\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x80s\\xaa\\x07+\\x02\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0s\\xaa\\x07+\\x02\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xb4t\\xaa\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc8t\\xaa\\x07+\\x02\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xd0t\\xaa\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0t\\xaa\\x07+\\x02\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xf8t\\xaa\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18u\\xaa\\x07+\\x02\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\x86\\x00\\x86\\x00\\x00\\x00\\x00\\x00\\xd0s\\xaa\\x07+\\x02\\x00\\x00\\x06\\x00\\x06\\x00\\x00\\x00\\x00\\x00Vt\\xaa\\x07+\\x02\\x00\\x00X\\x00X\\x00\\x00\\x00\\x00\\x00\\t\\xaa\\x07+\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3593
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12756",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2ad8cbbe",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 3594
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12756",
            "caller": "0x7ffc2adc026b",
            "parentcaller": "0x7ffc2ad8cbb0",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000053c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 3595
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12756",
            "caller": "0x7ffc2ad8aa1f",
            "parentcaller": "0x7ffc2ad8cb7c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3596
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12756",
            "caller": "0x7ffc2ad8aaa8",
            "parentcaller": "0x7ffc2ad8cb7c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xe0r\\xaa\\x07+\\x02\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x80s\\xaa\\x07+\\x02\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0s\\xaa\\x07+\\x02\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\xb4t\\xaa\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc8t\\xaa\\x07+\\x02\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xd0t\\xaa\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0t\\xaa\\x07+\\x02\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xf8t\\xaa\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18u\\xaa\\x07+\\x02\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\x86\\x00\\x86\\x00\\x00\\x00\\x00\\x00\\xd0s\\xaa\\x07+\\x02\\x00\\x00\\x06\\x00\\x06\\x00\\x00\\x00\\x00\\x00Vt\\xaa\\x07+\\x02\\x00\\x00X\\x00X\\x00\\x00\\x00\\x00\\x00\\t\\xaa\\x07+\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3597
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12756",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2ad8cbbe",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 3598
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12756",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc168a9183",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              }
            ],
            "repeated": 0,
            "id": 3599
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12756",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3600
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12756",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3601
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12756",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3602
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12756",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3603
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12756",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3604
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12756",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2b4a2ec5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              }
            ],
            "repeated": 0,
            "id": 3605
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12756",
            "caller": "0x7ffc2adbebae",
            "parentcaller": "0x7ffc2b165b05",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\x93P\\x00\\x00\\x00 0\\x00\\x00\\x00\\x00\\x00\\x00\\xd41\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "12756"
              }
            ],
            "repeated": 0,
            "id": 3606
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3607
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e0"
              },
              {
                "name": "Milliseconds",
                "value": "4997"
              }
            ],
            "repeated": 0,
            "id": 3608
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12716",
            "caller": "0x7ffc2adbebae",
            "parentcaller": "0x7ffc2b1984de",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xfe\\x93P\\x00\\x00\\x00 0\\x00\\x00\\x00\\x00\\x00\\x00\\xac1\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "12716"
              }
            ],
            "repeated": 0,
            "id": 3609
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12716",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3610
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12716",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3611
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12716",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3612
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12716",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3613
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12716",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3614
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12680",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c0010a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3615
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12680",
            "caller": "0x7ffc2ad85810",
            "parentcaller": "0x7ffbbfa6f3bb",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00@\\x00\\x00\\x00?\\xff\\x9e \\x00\\x00\\x00\\x00\\x18\\x00\\x16\\x00\\x00\\x00\\x00\\x00\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00-\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 3616
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12680",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00041000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3617
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12680",
            "caller": "0x7ffc2ad85810",
            "parentcaller": "0x7ffbbfa6f3bb",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000103",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00@\\x00\\x00\\x00?\\xff\\x9e \\x00\\x00\\x00\\x00\\x18\\x00\\x16\\x00\\x00\\x00\\x00\\x00\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00-\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 3618
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12716",
            "caller": "0x7ffc2adbebae",
            "parentcaller": "0x7ffc2b16712f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xfe\\x93P\\x00\\x00\\x00 0\\x00\\x00\\x00\\x00\\x00\\x00\\xac1\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "12716"
              }
            ],
            "repeated": 0,
            "id": 3619
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000388"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Storage.ApplicationData"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData"
              }
            ],
            "repeated": 0,
            "id": 3620
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005cc"
              },
              {
                "name": "KeyInformation",
                "value": "N\\xffc1\\xffec\\xffe6\\xfff8\\xffee\\xffdc\\x01\\x00\\x00\\x00\\x00>\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00t\\x00o\\x00r\\x00a\\x00g\\x00e\\x00.\\x00A\\x00p\\x00p\\x00l\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00D\\x00a\\x00t\\x00a\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00/\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0Ep+\\xfffc\\x7f\\x00\\x00\\xfff8\\xffe7\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffcc\\xffd9\\xff93P\\x00\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\xffb0\\xffe9\\xffad\\x07+\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\xff8f\\x02:\\xffe3\\x11\\xffbc\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xff87\\xffad\\x07+\\x02\\x00\\x00\\xfff8\\xffe7\\xffa8\\x07+\\x02\\x00\\x00\\xffd0\\xffe7\\xffa8\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\xff9dD+\\xfffc\\x7f\\x00\\x00\\xffb0\\xffe9\\xffad\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffe7\\xffa8\\x07+\\x02\\x00\\x00\\xffb0\\xffe9\\xffad\\x07+\\x02\\x00\\x00\\xffd0\\xff87\\xffad\\x07+\\x02\\x00\\x00P\\x05\\xffae\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff6sD+\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xff87\\xffad\\x07+\\x02\\x00\\x00 \\xff9c\\xffab\\x07+\\x02\\x00\\x00 
\\xff9c\\xffab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0\\xffe9\\xffad\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xff9c\\xffab\\x07+\\x02\\x00\\x00\\xff8c\\xffc2\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00+\\x02\\x00\\x00\\xffb0\\xffe9\\xffad\\x07+\\x02\\x00\\x00P\\x05\\xffae\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffcd\\xffd9\\xff93P\\x00\\x00\\x003\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xff9b\\xffab\\x07+\\x02\\x00\\x00\\xffd0\\xffe7\\xffa8\\x07+\\x02\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3621
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 3622
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\Server"
              }
            ],
            "repeated": 0,
            "id": 3623
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.Storage.ApplicationData.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 3624
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\Threading"
              }
            ],
            "repeated": 0,
            "id": 3625
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 3626
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005cc"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 3627
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 3628
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 3629
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 3630
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 3631
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 3632
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 3633
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 3634
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\Windows.Storage.ApplicationData"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc10bf0000"
              }
            ],
            "repeated": 0,
            "id": 3635
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Windows.Storage.ApplicationData.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc10bf0000"
              }
            ],
            "repeated": 0,
            "id": 3636
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc10bf0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\Windows.Storage.ApplicationData.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 3637
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.Storage.ApplicationData.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc10bf0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc10c14340"
              }
            ],
            "repeated": 0,
            "id": 3638
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.Storage.ApplicationData.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc10bf0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc10c020a0"
              }
            ],
            "repeated": 0,
            "id": 3639
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.Storage.ApplicationData.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc10bf0000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc10c040a0"
              }
            ],
            "repeated": 0,
            "id": 3640
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12756",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2b4a2ec5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              }
            ],
            "repeated": 0,
            "id": 3641
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12756",
            "caller": "0x7ffc2d137830",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc10c52000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Storage.ApplicationData.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3642
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12756",
            "caller": "0x7ffc2d137881",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc10c52000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Storage.ApplicationData.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3643
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12756",
            "caller": "0x7ffc2d137830",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc10c52000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Storage.ApplicationData.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3644
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12756",
            "caller": "0x7ffc2d137881",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc10c52000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Storage.ApplicationData.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3645
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xd5\\xd9\\x93P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfb\\x7f\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3646
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc10c52000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Storage.ApplicationData.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3647
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc10c52000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Storage.ApplicationData.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3648
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:12320:120:WilError_03"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3649
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3650
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3651
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3652
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3653
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3654
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d0"
              }
            ],
            "repeated": 0,
            "id": 3655
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c4"
              }
            ],
            "repeated": 0,
            "id": 3656
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 3657
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 3658
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc10c52000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Storage.ApplicationData.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3659
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc10c52000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Storage.ApplicationData.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3660
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3661
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc10c52000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Storage.ApplicationData.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3662
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc10c52000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Storage.ApplicationData.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3663
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 3664
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3665
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 3666
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 3667
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_USERS"
              }
            ],
            "repeated": 0,
            "id": 3668
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 3669
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3670
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005c4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "S-1-5-21-3968686040-3210279463-847977608-1001\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\SystemAppData\\Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe\\PSR"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\SystemAppData\\Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe\\PSR"
              }
            ],
            "repeated": 0,
            "id": 3671
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d0"
              },
              {
                "name": "ValueName",
                "value": "WnfStateName"
              },
              {
                "name": "Data",
                "value": "\\xe5\\xd0\\xbd\\xa3mN\\xc6A"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\SystemAppData\\Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe\\PSR\\WnfStateName"
              }
            ],
            "repeated": 0,
            "id": 3672
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d0"
              }
            ],
            "repeated": 0,
            "id": 3673
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3674
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3675
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005c4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "S-1-5-21-3968686040-3210279463-847977608-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 3676
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d4"
              },
              {
                "name": "ValueName",
                "value": "Local AppData"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData"
              }
            ],
            "repeated": 0,
            "id": 3677
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d4"
              },
              {
                "name": "ValueName",
                "value": "Local AppData"
              },
              {
                "name": "Data",
                "value": "%USERPROFILE%\\AppData\\Local"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData"
              }
            ],
            "repeated": 0,
            "id": 3678
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3679
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000114"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3680
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000114"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3968686040-3210279463-847977608-1001"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3968686040-3210279463-847977608-1001"
              }
            ],
            "repeated": 0,
            "id": 3681
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3968686040-3210279463-847977608-1001\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 3682
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Data",
                "value": "C:\\Users\\admin"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3968686040-3210279463-847977608-1001\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 3683
          },
          {
            "timestamp": "2026-05-28 21:41:49,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3684
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d4"
              }
            ],
            "repeated": 0,
            "id": 3685
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc10c52000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Storage.ApplicationData.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3686
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc10c52000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Storage.ApplicationData.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3687
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc10c52000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Storage.ApplicationData.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3688
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc10c52000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Storage.ApplicationData.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3689
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3690
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3691
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3692
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3693
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29026000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3694
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29026000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3695
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b252000"
              },
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3696
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b252000"
              },
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3697
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000006"
              },
              {
                "name": "ObjectAttributes",
                "value": "windows_shell_global_counters"
              }
            ],
            "repeated": 0,
            "id": 3698
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b108e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x5093d9cad0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3699
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b252000"
              },
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3700
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b252000"
              },
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3701
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000005d4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3702
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d4"
              },
              {
                "name": "ValueName",
                "value": "NoPropertiesMyComputer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesMyComputer"
              }
            ],
            "repeated": 0,
            "id": 3703
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d4"
              }
            ],
            "repeated": 0,
            "id": 3704
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3705
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000005d8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3706
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              },
              {
                "name": "ValueName",
                "value": "NoPropertiesRecycleBin"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesRecycleBin"
              }
            ],
            "repeated": 0,
            "id": 3707
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3708
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3709
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3710
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3711
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              }
            ],
            "repeated": 0,
            "id": 3712
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d0f93b0"
              }
            ],
            "repeated": 0,
            "id": 3713
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d18fc40"
              }
            ],
            "repeated": 0,
            "id": 3714
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d132460"
              }
            ],
            "repeated": 0,
            "id": 3715
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07ae3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3716
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d16fa30"
              }
            ],
            "repeated": 0,
            "id": 3717
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d14cbd0"
              }
            ],
            "repeated": 0,
            "id": 3718
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d153410"
              }
            ],
            "repeated": 0,
            "id": 3719
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:12320:304:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3720
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3721
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3722
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3723
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3724
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3725
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e0"
              }
            ],
            "repeated": 0,
            "id": 3726
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              }
            ],
            "repeated": 0,
            "id": 3727
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3728
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3729
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:12320:120:WilError_03"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3730
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3731
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3732
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3733
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3734
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3735
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e0"
              }
            ],
            "repeated": 0,
            "id": 3736
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              }
            ],
            "repeated": 0,
            "id": 3737
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3738
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3739
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000005d8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3740
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              },
              {
                "name": "ValueName",
                "value": "NoControlPanel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoControlPanel"
              }
            ],
            "repeated": 0,
            "id": 3741
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3742
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3743
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000005d8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3744
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              },
              {
                "name": "ValueName",
                "value": "NoSetFolders"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSetFolders"
              }
            ],
            "repeated": 0,
            "id": 3745
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3746
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3747
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000005d8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3748
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              },
              {
                "name": "ValueName",
                "value": "NoInternetIcon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon"
              }
            ],
            "repeated": 0,
            "id": 3749
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3750
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3751
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Applications\\identity_helper.exe"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Applications\\identity_helper.exe"
              }
            ],
            "repeated": 0,
            "id": 3752
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3753
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000114"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3754
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000114"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 3755
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              },
              {
                "name": "ValueName",
                "value": "ValidateRegItems"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems"
              }
            ],
            "repeated": 0,
            "id": 3756
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3757
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3758
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000114"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3759
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000114"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 3760
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              },
              {
                "name": "ValueName",
                "value": "MonitorRegistry"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry"
              }
            ],
            "repeated": 0,
            "id": 3761
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3762
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3763
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3764
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000005d8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3765
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              },
              {
                "name": "ValueName",
                "value": "NoCommonGroups"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoCommonGroups"
              }
            ],
            "repeated": 0,
            "id": 3766
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 3767
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3768
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3769
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3770
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3771
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3772
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder"
              },
              {
                "name": "Handle",
                "value": "0x000005de"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3773
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3774
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3775
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005de"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 3776
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005de"
              },
              {
                "name": "ValueName",
                "value": "CallForAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\CallForAttributes"
              }
            ],
            "repeated": 0,
            "id": 3777
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005de"
              },
              {
                "name": "ValueName",
                "value": "RestrictedAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\RestrictedAttributes"
              }
            ],
            "repeated": 0,
            "id": 3778
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005de"
              },
              {
                "name": "ValueName",
                "value": "FolderValueFlags"
              },
              {
                "name": "Data",
                "value": "1581568"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\FolderValueFlags"
              }
            ],
            "repeated": 0,
            "id": 3779
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005de"
              }
            ],
            "repeated": 0,
            "id": 3780
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3781
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3782
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3783
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3784
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 3785
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "Handle",
                "value": "0x000005dc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 3786
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              },
              {
                "name": "ValueName",
                "value": "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              }
            ],
            "repeated": 0,
            "id": 3787
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              }
            ],
            "repeated": 0,
            "id": 3788
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3789
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000114"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3790
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000114"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 3791
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              },
              {
                "name": "ValueName",
                "value": "ValidateRegItems"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\ValidateRegItems"
              }
            ],
            "repeated": 0,
            "id": 3792
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              }
            ],
            "repeated": 0,
            "id": 3793
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3794
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000114"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3795
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000114"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 3796
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              },
              {
                "name": "ValueName",
                "value": "MonitorRegistry"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\MonitorRegistry"
              }
            ],
            "repeated": 0,
            "id": 3797
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              }
            ],
            "repeated": 0,
            "id": 3798
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3799
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3800
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29026000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3801
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29026000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3802
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              }
            ],
            "repeated": 0,
            "id": 3803
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlAreLongPathsEnabled"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d165280"
              }
            ],
            "repeated": 0,
            "id": 3804
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc10c52000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Storage.ApplicationData.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3805
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc10c52000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.Storage.ApplicationData.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3806
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2bf67000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3807
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2bf67000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3808
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d16fa30"
              }
            ],
            "repeated": 0,
            "id": 3809
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000005e0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 3810
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e0"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3811
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e0"
              }
            ],
            "repeated": 0,
            "id": 3812
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d0f93b0"
              }
            ],
            "repeated": 0,
            "id": 3813
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d18fc40"
              }
            ],
            "repeated": 0,
            "id": 3814
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d132460"
              }
            ],
            "repeated": 0,
            "id": 3815
          },
          {
            "timestamp": "2026-05-28 21:41:49,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d14cbd0"
              }
            ],
            "repeated": 0,
            "id": 3816
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e4"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:12320:304:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3817
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3818
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3819
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3820
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3821
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ec"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3822
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ec"
              }
            ],
            "repeated": 0,
            "id": 3823
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 3824
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e4"
              }
            ],
            "repeated": 0,
            "id": 3825
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e4"
              }
            ],
            "repeated": 0,
            "id": 3826
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 3827
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3828
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3829
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 3830
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Directory"
              },
              {
                "name": "Handle",
                "value": "0x000005ea"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Directory"
              }
            ],
            "repeated": 0,
            "id": 3831
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ea"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\Directory"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3832
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ea"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 1,
            "id": 3833
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005ea"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ShellEx\\LibraryDescriptionHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\ShellEx\\LibraryDescriptionHandler"
              }
            ],
            "repeated": 0,
            "id": 3834
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\Directory\\ShellEx\\LibraryDescriptionHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory\\ShellEx\\LibraryDescriptionHandler"
              }
            ],
            "repeated": 0,
            "id": 3835
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Folder"
              },
              {
                "name": "Handle",
                "value": "0x000005ee"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Folder"
              }
            ],
            "repeated": 0,
            "id": 3836
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ee"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Folder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3837
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ee"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3838
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xc4\\xd9\\x93P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00\\xee\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00P\\x00\\x00\\x00\\xb0\\xc5\\xd9\\x93P\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3839
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\Folder\\ShellEx\\LibraryDescriptionHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Folder\\ShellEx\\LibraryDescriptionHandler"
              }
            ],
            "repeated": 0,
            "id": 3840
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ee"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3841
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005ee"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ShellEx\\LibraryDescriptionHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\ShellEx\\LibraryDescriptionHandler"
              }
            ],
            "repeated": 0,
            "id": 3842
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "AllFilesystemObjects"
              },
              {
                "name": "Handle",
                "value": "0x000005f2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\AllFilesystemObjects"
              }
            ],
            "repeated": 0,
            "id": 3843
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3844
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3845
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xc4\\xd9\\x93P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00\\xf2\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00P\\x00\\x00\\x00\\xb0\\xc5\\xd9\\x93P\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3846
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\AllFilesystemObjects\\ShellEx\\LibraryDescriptionHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\AllFilesystemObjects\\ShellEx\\LibraryDescriptionHandler"
              }
            ],
            "repeated": 0,
            "id": 3847
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3848
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ShellEx\\LibraryDescriptionHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\ShellEx\\LibraryDescriptionHandler"
              }
            ],
            "repeated": 0,
            "id": 3849
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ea"
              }
            ],
            "repeated": 0,
            "id": 3850
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ee"
              }
            ],
            "repeated": 0,
            "id": 3851
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f2"
              }
            ],
            "repeated": 0,
            "id": 3852
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x7ffc289c67d0"
              },
              {
                "name": "EventName",
                "value": "Global\\WSearchMigPluginActive"
              }
            ],
            "repeated": 0,
            "id": 3853
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29026000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3854
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29026000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3855
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xfc\\x93P\\x00\\x00\\x00 0\\x00\\x00\\x00\\x00\\x00\\x00$0\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "12324"
              }
            ],
            "repeated": 0,
            "id": 3856
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12716",
            "caller": "0x7ffc2adbebae",
            "parentcaller": "0x7ffc2b1984de",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xfe\\x93P\\x00\\x00\\x00 0\\x00\\x00\\x00\\x00\\x00\\x00\\xac1\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "12716"
              }
            ],
            "repeated": 0,
            "id": 3857
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12716",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3858
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12716",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc2b456b6d",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\mssprxy"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc1ad10000"
              }
            ],
            "repeated": 0,
            "id": 3859
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12716",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc2b456b6d",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\mssprxy.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1ad10000"
              }
            ],
            "repeated": 0,
            "id": 3860
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12716",
            "caller": "0x7ffc28a78e8e",
            "parentcaller": "0x7ffc28a7f5f2",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "7D096C5F-AC08-4F1F-BEB7-5C22C517CE39"
              },
              {
                "name": "ClsContext",
                "value": "0x00000017",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER"
              },
              {
                "name": "riid",
                "value": "AB310581-AC80-11D1-8DF3-00C04FB6EF69"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3861
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12716",
            "caller": "0x7ffc2d133f7a",
            "parentcaller": "0x7ffc2c550ed7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3862
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12716",
            "caller": "0x7ffc2b4322bf",
            "parentcaller": "0x7ffc2b4afbe4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ae"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{AB310581-AC80-11D1-8DF3-00C04FB6EF50}"
              },
              {
                "name": "Handle",
                "value": "0x000005ea"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{AB310581-AC80-11D1-8DF3-00C04FB6EF50}"
              }
            ],
            "repeated": 0,
            "id": 3863
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afa51",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005ea"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000005f6"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AB310581-AC80-11D1-8DF3-00C04FB6EF50}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 3864
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afa8c",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{A5EBA07A-DAE8-4d15-B12F-728EFD8A9866}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AB310581-AC80-11D1-8DF3-00C04FB6EF50}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 3865
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afad3",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f6"
              }
            ],
            "repeated": 0,
            "id": 3866
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afae4",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ea"
              }
            ],
            "repeated": 0,
            "id": 3867
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12716",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3868
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12716",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3869
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12716",
            "caller": "0x7ffc2b4322bf",
            "parentcaller": "0x7ffc2b4afbe4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ae"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{AB310581-AC80-11D1-8DF3-00C04FB6EF55}"
              },
              {
                "name": "Handle",
                "value": "0x000005ee"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{AB310581-AC80-11D1-8DF3-00C04FB6EF55}"
              }
            ],
            "repeated": 0,
            "id": 3870
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afa51",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005ee"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000005ea"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AB310581-AC80-11D1-8DF3-00C04FB6EF55}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 3871
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afa8c",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ea"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{A5EBA07A-DAE8-4d15-B12F-728EFD8A9866}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AB310581-AC80-11D1-8DF3-00C04FB6EF55}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 3872
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afad3",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ea"
              }
            ],
            "repeated": 0,
            "id": 3873
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12716",
            "caller": "0x7ffc2b4afae4",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ee"
              }
            ],
            "repeated": 0,
            "id": 3874
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12716",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3875
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12716",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3876
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12716",
            "caller": "0x7ffc2adbebae",
            "parentcaller": "0x7ffc2b16712f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xfe\\x93P\\x00\\x00\\x00 0\\x00\\x00\\x00\\x00\\x00\\x00\\xac1\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "12716"
              }
            ],
            "repeated": 0,
            "id": 3877
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3878
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3879
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2722f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3880
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2722f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3881
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2722f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3882
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2722f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3883
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2722f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3884
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2722f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3885
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\propsys.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27140000"
              }
            ],
            "repeated": 0,
            "id": 3886
          },
          {
            "timestamp": "2026-05-28 21:41:49,644",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "76765B11-3F95-4AF2-AC9D-EA55D8994F1A"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3887
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2722f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3888
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2722f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3889
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1F486A52-3CB1-48FD-8F50-B8DC300D9F9D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "ECF31D61-E474-453C-BEE7-DE68E441C6D0"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3890
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07aad000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3891
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              }
            ],
            "repeated": 0,
            "id": 3892
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d16fa30"
              }
            ],
            "repeated": 0,
            "id": 3893
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07ae7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3894
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07ae8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3895
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Global\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2"
              }
            ],
            "repeated": 0,
            "id": 3896
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Local\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2"
              }
            ],
            "repeated": 0,
            "id": 3897
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Global\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro"
              }
            ],
            "repeated": 0,
            "id": 3898
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b108f0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x5093d9bc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00004000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3899
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Global\\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db"
              }
            ],
            "repeated": 0,
            "id": 3900
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005fc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b10900000"
              },
              {
                "name": "SectionOffset",
                "value": "0x5093d9cbc0"
              },
              {
                "name": "ViewSize",
                "value": "0x00049000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3901
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2722f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3902
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2722f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3903
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\propsys.dll"
              }
            ],
            "repeated": 1,
            "id": 3904
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\propsys.dll"
              }
            ],
            "repeated": 0,
            "id": 3905
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07ae9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3906
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07aea000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3907
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Global\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2"
              }
            ],
            "repeated": 0,
            "id": 3908
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Local\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2"
              }
            ],
            "repeated": 0,
            "id": 3909
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000600"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Global\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro"
              }
            ],
            "repeated": 0,
            "id": 3910
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000600"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b10950000"
              },
              {
                "name": "SectionOffset",
                "value": "0x5093d9bd10"
              },
              {
                "name": "ViewSize",
                "value": "0x00004000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3911
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000604"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Global\\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db"
              }
            ],
            "repeated": 0,
            "id": 3912
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000604"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b10960000"
              },
              {
                "name": "SectionOffset",
                "value": "0x5093d9cc70"
              },
              {
                "name": "ViewSize",
                "value": "0x0009c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3913
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\propsys.dll"
              }
            ],
            "repeated": 1,
            "id": 3914
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\propsys.dll"
              }
            ],
            "repeated": 0,
            "id": 3915
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29026000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3916
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29026000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3917
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3918
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07aeb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3919
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07aec000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3920
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00P\\xb0\\xae\\x07+\\x02\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\xf0\\xb0\\xae\\x07+\\x02\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xb1\\xae\\x07+\\x02\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00$\\xb2\\xae\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x008\\xb2\\xae\\x07+\\x02\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00@\\xb2\\xae\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xb2\\xae\\x07+\\x02\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00h\\xb2\\xae\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\xb2\\xae\\x07+\\x02\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\x86\\x00\\x86\\x00\\x00\\x00\\x00\\x00@\\xb1\\xae\\x07+\\x02\\x00\\x00\\x06\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\xc6\\xb1\\xae\\x07+\\x02\\x00\\x00X\\x00X\\x00\\x00\\x00\\x00\\x00\\xcc\\xb1\\xae\\x07+\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3921
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3922
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00P\\xb0\\xae\\x07+\\x02\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\xf0\\xb0\\xae\\x07+\\x02\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xb1\\xae\\x07+\\x02\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00$\\xb2\\xae\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x008\\xb2\\xae\\x07+\\x02\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00@\\xb2\\xae\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xb2\\xae\\x07+\\x02\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00h\\xb2\\xae\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\xb2\\xae\\x07+\\x02\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\x86\\x00\\x86\\x00\\x00\\x00\\x00\\x00@\\xb1\\xae\\x07+\\x02\\x00\\x00\\x06\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\xc6\\xb1\\xae\\x07+\\x02\\x00\\x00X\\x00X\\x00\\x00\\x00\\x00\\x00\\xcc\\xb1\\xae\\x07+\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3923
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3924
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3925
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3926
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0X\\xac\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x11\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3927
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 3928
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3929
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 3930
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3931
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3932
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000608"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005c4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "S-1-5-21-3968686040-3210279463-847977608-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 3933
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              },
              {
                "name": "ValueName",
                "value": "Local AppData"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData"
              }
            ],
            "repeated": 0,
            "id": 3934
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              },
              {
                "name": "ValueName",
                "value": "Local AppData"
              },
              {
                "name": "Data",
                "value": "%USERPROFILE%\\AppData\\Local"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData"
              }
            ],
            "repeated": 0,
            "id": 3935
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3936
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000114"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3937
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000060c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000114"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3968686040-3210279463-847977608-1001"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3968686040-3210279463-847977608-1001"
              }
            ],
            "repeated": 0,
            "id": 3938
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000060c"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3968686040-3210279463-847977608-1001\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 3939
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000060c"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Data",
                "value": "C:\\Users\\admin"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3968686040-3210279463-847977608-1001\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 3940
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000060c"
              }
            ],
            "repeated": 0,
            "id": 3941
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 3942
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3943
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000114"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3944
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000608"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000114"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Appx"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Appx"
              }
            ],
            "repeated": 0,
            "id": 3945
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              },
              {
                "name": "ValueName",
                "value": "PackageRepositoryRoot"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot"
              }
            ],
            "repeated": 0,
            "id": 3946
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              },
              {
                "name": "ValueName",
                "value": "PackageRepositoryRoot"
              },
              {
                "name": "Data",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot"
              }
            ],
            "repeated": 0,
            "id": 3947
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 3948
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3949
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000114"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3950
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000608"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000114"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Appx"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Appx"
              }
            ],
            "repeated": 0,
            "id": 3951
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              },
              {
                "name": "ValueName",
                "value": "PackageRepositoryRoot"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot"
              }
            ],
            "repeated": 0,
            "id": 3952
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              },
              {
                "name": "ValueName",
                "value": "PackageRepositoryRoot"
              },
              {
                "name": "Data",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot"
              }
            ],
            "repeated": 0,
            "id": 3953
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 3954
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07aee000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3955
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 3956
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000608"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3957
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000608"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x80\\xbd\\xd9\\x93P\\x00\\x00\\x00\\xb0\\xbd\\xd9\\x93P\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xff\\xb9L2xOe\\x00\\x00\\x08\\x82f\\x14\\xfc\\x7f\\x00\\x00p4\\xae\\x07+\\x02\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90K\\xa9\\x07+\\x02\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xbe\\xd9\\x93P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfak\\xd8*\\xfc\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xbe\\xd9\\x93P\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\xfc\\x7f\\x00\\x00`\\x00\\x00\\x00\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xac\\x00\\xb0\\x00P\\x00\\x00\\x00p4\\xae\\x07+\\x02\\x00\\x00\\xd5,\\x11-\\xfc\\x7f\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\xbe\\xd9\\x93P\\x00\\x00\\x000\\x00\\x00\\x00P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\xbd\\xd9\\x93P\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3958
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 3959
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000608"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 3960
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 3961
          },
          {
            "timestamp": "2026-05-28 21:41:49,660",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000608"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 3962
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000608"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3963
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 3964
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000608"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3965
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000608"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3966
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 3967
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Packages"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 3968
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000608"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Packages\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3969
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000608"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x80\\xbd\\xd9\\x93P\\x00\\x00\\x00\\xb0\\xbd\\xd9\\x93P\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xff\\xb9L2xOe\\x00\\x00\\x08\\x82f\\x14\\xfc\\x7f\\x00\\x00\\xf0\\xe2\\xad\\x07+\\x02\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90K\\xa9\\x07+\\x02\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xbe\\xd9\\x93P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfak\\xd8*\\xfc\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xbe\\xd9\\x93P\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00R\\x00V\\x00\\x00\\x00\\x00\\x00\\xf0\\xe2\\xad\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\xbd\\xd9\\x93P\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3970
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 3971
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000608"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Packages"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 3972
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 3973
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000608"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Packages"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 3974
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000608"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00;\t+\\x02\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd9LB\\x14\\xfc\\x7f\\x00\\x00\\x15\\xee\\x91\\xc2\\x01\\x00\\x00\\x00\\xfeY\\xd8*\\xfc\\x7f\\x00\\x00\\x87\\x00\\x7f\\xed\\xfb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x00\\x7f\\xed\\xfb\\x7f\\x00\\x00h\\xc1\\xd9\\x93P\\x00\\x00\\x00`\\x11D\\x14\\xfc\\x7f\\x00\\x00\\xcdG\\x11-\\xfc\\x7f\\x00\\x00\\x08\\xaej\\x14\\xfc\\x7f\\x00\\x00\\xebPB\\x14\\xfc\\x7f\\x00\\x00\\x08\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\xa8e\\x14\\xfc\\x7f\\x00\\x00\\xb5\\xe8\\x91\\xc2\\x8b\\x88\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x90K\\xa9\\x07+\\x02\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xbc+C\\x14\\xfc\\x7f\\x00\\x00\\xa0\\xb2E\t+\\x02\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3975
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 3976
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000608"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Packages\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3977
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000608"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3978
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 3979
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 3980
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000608"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3981
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000608"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x80\\xbd\\xd9\\x93P\\x00\\x00\\x00\\xb0\\xbd\\xd9\\x93P\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xff\\xb9L2xOe\\x00\\x00\\x08\\x82f\\x14\\xfc\\x7f\\x00\\x00`\\xf9\\xab\\x07+\\x02\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90K\\xa9\\x07+\\x02\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xbe\\xd9\\x93P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfak\\xd8*\\xfc\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xbe\\xd9\\x93P\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00D\\x00\\x00\\x00\\x00\\x00`\\xf9\\xab\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\xbd\\xd9\\x93P\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3982
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 3983
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000608"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 3984
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 3985
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000608"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 3986
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000608"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00;\t+\\x02\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd9LB\\x14\\xfc\\x7f\\x00\\x00\\x15\\xee\\x91\\xc2\\x01\\x00\\x00\\x00\\xfeY\\xd8*\\xfc\\x7f\\x00\\x00\\x87\\x00\\x7f\\xed\\xfb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x00\\x7f\\xed\\xfb\\x7f\\x00\\x00h\\xc1\\xd9\\x93P\\x00\\x00\\x00`\\x11D\\x14\\xfc\\x7f\\x00\\x00\\xcdG\\x11-\\xfc\\x7f\\x00\\x00\\x08\\xaej\\x14\\xfc\\x7f\\x00\\x00\\xebPB\\x14\\xfc\\x7f\\x00\\x00\\x08\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\xa8e\\x14\\xfc\\x7f\\x00\\x00\\xb5\\xe8\\x91\\xc2\\x8b\\x88\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x90K\\xa9\\x07+\\x02\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xbc+C\\x14\\xfc\\x7f\\x00\\x00\\xa0\\xb2E\t+\\x02\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3987
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 3988
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000608"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3989
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000608"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3990
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 3991
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 3992
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000608"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3993
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000608"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x80\\xbd\\xd9\\x93P\\x00\\x00\\x00\\xb0\\xbd\\xd9\\x93P\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xff\\xb9L2xOe\\x00\\x00\\x08\\x82f\\x14\\xfc\\x7f\\x00\\x00\\xd0\\x8c\\xad\\x07+\\x02\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90K\\xa9\\x07+\\x02\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xbe\\xd9\\x93P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfak\\xd8*\\xfc\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xbe\\xd9\\x93P\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x004\\x008\\x00\\x00\\x00\\x00\\x00\\xd0\\x8c\\xad\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\xbd\\xd9\\x93P\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3994
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 3995
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000608"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 3996
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 3997
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000608"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 3998
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000608"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00;\t+\\x02\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd9LB\\x14\\xfc\\x7f\\x00\\x00\\x15\\xee\\x91\\xc2\\x01\\x00\\x00\\x00\\xfeY\\xd8*\\xfc\\x7f\\x00\\x00\\x87\\x00\\x7f\\xed\\xfb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x00\\x7f\\xed\\xfb\\x7f\\x00\\x00h\\xc1\\xd9\\x93P\\x00\\x00\\x00`\\x11D\\x14\\xfc\\x7f\\x00\\x00\\xcdG\\x11-\\xfc\\x7f\\x00\\x00\\x08\\xaej\\x14\\xfc\\x7f\\x00\\x00\\xebPB\\x14\\xfc\\x7f\\x00\\x00\\x08\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\xa8e\\x14\\xfc\\x7f\\x00\\x00\\xb5\\xe8\\x91\\xc2\\x8b\\x88\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x90K\\xa9\\x07+\\x02\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xbc+C\\x14\\xfc\\x7f\\x00\\x00\\xa0\\xb2E\t+\\x02\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3999
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 4000
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000608"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4001
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000608"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4002
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 4003
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 4004
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000608"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4005
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000608"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x80\\xbd\\xd9\\x93P\\x00\\x00\\x00\\xb0\\xbd\\xd9\\x93P\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xff\\xb9L2xOe\\x00\\x00\\x08\\x82f\\x14\\xfc\\x7f\\x00\\x00\\xc0X\\xac\\x07+\\x02\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90K\\xa9\\x07+\\x02\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xbe\\xd9\\x93P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfak\\xd8*\\xfc\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xbe\\xd9\\x93P\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00$\\x00(\\x00\\x00\\x00\\x00\\x00\\xc0X\\xac\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\xbd\\xd9\\x93P\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4006
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 4007
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000608"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 4008
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 4009
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000608"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 4010
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000608"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00;\t+\\x02\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd9LB\\x14\\xfc\\x7f\\x00\\x00\\x15\\xee\\x91\\xc2\\x01\\x00\\x00\\x00\\xfeY\\xd8*\\xfc\\x7f\\x00\\x00\\x87\\x00\\x7f\\xed\\xfb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x00\\x7f\\xed\\xfb\\x7f\\x00\\x00h\\xc1\\xd9\\x93P\\x00\\x00\\x00`\\x11D\\x14\\xfc\\x7f\\x00\\x00\\xcdG\\x11-\\xfc\\x7f\\x00\\x00\\x08\\xaej\\x14\\xfc\\x7f\\x00\\x00\\xebPB\\x14\\xfc\\x7f\\x00\\x00\\x08\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\xa8e\\x14\\xfc\\x7f\\x00\\x00\\xb5\\xe8\\x91\\xc2\\x8b\\x88\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x90K\\xa9\\x07+\\x02\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xbc+C\\x14\\xfc\\x7f\\x00\\x00\\xa0\\xb2E\t+\\x02\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4011
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 4012
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000608"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4013
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000608"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4014
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 4015
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc00000ba",
            "pretty_return": "FILE_IS_A_DIRECTORY",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 4016
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000608"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4017
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000608"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x80\\xbd\\xd9\\x93P\\x00\\x00\\x00\\xb0\\xbd\\xd9\\x93P\\x00\\x00\\x00\\x80\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\xc0\\xff\\xff\\xff\\xff\\xb9L2xOe\\x00\\x00\\x08\\x82f\\x14\\xfc\\x7f\\x00\\x00\\xc0\\xc9\\xad\\x07+\\x02\\x00\\x00\\xba\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90K\\xa9\\x07+\\x02\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xbe\\xd9\\x93P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfak\\xd8*\\xfc\\x7f\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xbe\\xd9\\x93P\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\xc0\\xc9\\xad\\x07+\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\xbd\\xd9\\x93P\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4018
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 4019
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000608"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 4020
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 4021
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000608"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 4022
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000608"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00;\t+\\x02\\x00\\x00u\\x02\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd9LB\\x14\\xfc\\x7f\\x00\\x00\\x15\\xee\\x91\\xc2\\x01\\x00\\x00\\x00\\xfeY\\xd8*\\xfc\\x7f\\x00\\x00\\x87\\x00\\x7f\\xed\\xfb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x00\\x7f\\xed\\xfb\\x7f\\x00\\x00h\\xc1\\xd9\\x93P\\x00\\x00\\x00`\\x11D\\x14\\xfc\\x7f\\x00\\x00\\xcdG\\x11-\\xfc\\x7f\\x00\\x00\\x08\\xaej\\x14\\xfc\\x7f\\x00\\x00\\xebPB\\x14\\xfc\\x7f\\x00\\x00\\x08\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\xa8e\\x14\\xfc\\x7f\\x00\\x00\\xb5\\xe8\\x91\\xc2\\x8b\\x88\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00&\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x90K\\xa9\\x07+\\x02\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xbc+C\\x14\\xfc\\x7f\\x00\\x00\\xa0\\xb2E\t+\\x02\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x06\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4023
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 4024
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000608"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4025
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000608"
              },
              {
                "name": "IoControlCode",
                "value": "0x000900a8",
                "pretty_value": "FSCTL_GET_REPARSE_POINT"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4026
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 4027
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000608"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 4028
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000608"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ".\\x00\\\\x00D\\x00e\\x00v\\x00i\\x00c\\x00e\\x00\\\\x00H\\x00a\\x00r\\x00d\\x00d\\x00i\\x00s\\x00k\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x002\\x00"
              }
            ],
            "repeated": 0,
            "id": 4029
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 4030
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000608"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4031
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000608"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0008",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_POINTS"
              },
              {
                "name": "InBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00.\\x00\\x00\\x00\\\\x00D\\x00e\\x00v\\x00i\\x00c\\x00e\\x00\\\\x00H\\x00a\\x00r\\x00d\\x00d\\x00i\\x00s\\x00k\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x002\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\xee\\x00\\x00\\x00\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4032
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000608"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0008",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_POINTS"
              },
              {
                "name": "InBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00.\\x00\\x00\\x00\\\\x00D\\x00e\\x00v\\x00i\\x00c\\x00e\\x00\\\\x00H\\x00a\\x00r\\x00d\\x00d\\x00i\\x00s\\x00k\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x002\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\xee\\x00\\x00\\x00\\x02\\x00\\x00\\x00r\\x00\\x00\\x00\\x1c\\x00\\x00\\x008\\x00\\x00\\x00\\x0c\\x00\\x00\\x00D\\x00\\x00\\x00.\\x00\\x00\\x00\\x8e\\x00\\x00\\x00`\\x00\\x00\\x008\\x00\\x00\\x00\\x0c\\x00\\x00\\x00D\\x00\\x00\\x00.\\x00\\x00\\x00/\\x10\\x8cR\\x00\\x000\\x03\\x00\\x00\\x00\\x00\\\\x00D\\x00e\\x00v\\x00i\\x00c\\x00e\\x00\\\\x00H\\x00a\\x00r\\x00d\\x00d\\x00i\\x00s\\x00k\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x002\\x00\\\\x00D\\x00o\\x00s\\x00D\\x00e\\x00v\\x00i\\x00c\\x00e\\x00s\\x00\\\\x00C\\x00:\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x005\\x002\\x008\\x00c\\x001\\x000\\x002\\x00f\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x003\\x000\\x000\\x003\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00"
              }
            ],
            "repeated": 0,
            "id": 4033
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 4034
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "GetVolumeNameForVolumeMountPointW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "VolumeMountPoint",
                "value": "C:\\"
              },
              {
                "name": "VolumeName",
                "value": "\\\\?\\Volume{528c102f-0000-0000-0000-300300000000}\\"
              }
            ],
            "repeated": 0,
            "id": 4035
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00000608"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 4036
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000608"
              },
              {
                "name": "SubKey",
                "value": "{528c102f-0000-0000-0000-300300000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x0000060c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-300300000000}\\"
              }
            ],
            "repeated": 0,
            "id": 4037
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 4038
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000060c"
              },
              {
                "name": "ValueName",
                "value": "Data"
              },
              {
                "name": "Data",
                "value": "\\xd6\r\\x00\\x00\r\\xf0\\xad\\xbaA\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\x06\\xe7\\x03\\xff\\x00\\x00\\x00\\x16\\x00\\x00\\x00&\\x00\\xbc\\x12\\x1f\\x00\\x00\\x00\\x04@\\x00\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00O\\x00R\\x00A\\x00G\\x00E\\x00#\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00#\\x00{\\x00e\\x003\\x002\\x00a\\x009\\x004\\x004\\x002\\x00-\\x005\\x00a\\x00f\\x002\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x00a\\x00e\\x002\\x00c\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00#\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x003\\x003\\x000\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00
\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-300300000000}\\Data"
              }
            ],
            "repeated": 0,
            "id": 4039
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000060c"
              }
            ],
            "repeated": 0,
            "id": 4040
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x0000060c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 4041
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000060c"
              },
              {
                "name": "SubKey",
                "value": "{528c102f-0000-0000-0000-300300000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x00000608"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-300300000000}\\"
              }
            ],
            "repeated": 0,
            "id": 4042
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000060c"
              }
            ],
            "repeated": 0,
            "id": 4043
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-300300000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 4044
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 4045
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 4046
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4047
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4048
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "0\\x91\\xaa\\x07+\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4049
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 4050
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12748",
            "caller": "0x7ffc2d1ae53f",
            "parentcaller": "0x7ffc2d10faf7",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 4051
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12748",
            "caller": "0x7ffc2d105157",
            "parentcaller": "0x7ffc2d1043ea",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "CFGMGR32.dll"
              }
            ],
            "repeated": 0,
            "id": 4052
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00000608"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 4053
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12748",
            "caller": "0x7ffc2d0ffee4",
            "parentcaller": "0x7ffc2d0ffad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2ad1b000"
              },
              {
                "name": "ModuleName",
                "value": "CFGMGR32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4054
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12748",
            "caller": "0x7ffc2d0fffb5",
            "parentcaller": "0x7ffc2d0ffad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2ad09000"
              },
              {
                "name": "ModuleName",
                "value": "CFGMGR32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4055
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12748",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2ad09000"
              },
              {
                "name": "ModuleName",
                "value": "CFGMGR32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4056
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12748",
            "caller": "0x7ffc2d100068",
            "parentcaller": "0x7ffc2d0ffad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2ad09000"
              },
              {
                "name": "ModuleName",
                "value": "CFGMGR32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4057
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12748",
            "caller": "0x7ffc2d10009c",
            "parentcaller": "0x7ffc2d0ffad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2ad09000"
              },
              {
                "name": "ModuleName",
                "value": "CFGMGR32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4058
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000608"
              },
              {
                "name": "SubKey",
                "value": "{528c102f-0000-0000-0000-300300000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x0000060c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-300300000000}\\"
              }
            ],
            "repeated": 0,
            "id": 4059
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12748",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ec"
              }
            ],
            "repeated": 0,
            "id": 4060
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 4061
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12748",
            "caller": "0x7ffc2d137bac",
            "parentcaller": "0x7ffc2d12288a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2ad08000"
              },
              {
                "name": "ModuleName",
                "value": "CFGMGR32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4062
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12748",
            "caller": "0x7ffc2d137bac",
            "parentcaller": "0x7ffc2d12288a",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\CFGMGR32"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2acd0000"
              }
            ],
            "repeated": 0,
            "id": 4063
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000060c"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-300300000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 4064
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000060c"
              }
            ],
            "repeated": 0,
            "id": 4065
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000608"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 4066
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              },
              {
                "name": "ValueName",
                "value": "DontShowSuperHidden"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DontShowSuperHidden"
              }
            ],
            "repeated": 0,
            "id": 4067
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 4068
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 4069
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000005ec"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 4070
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005ec"
              },
              {
                "name": "SubKey",
                "value": ""
              },
              {
                "name": "Handle",
                "value": "0x000005e8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\"
              }
            ],
            "repeated": 0,
            "id": 4071
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              },
              {
                "name": "ValueName",
                "value": "ShellState"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellState"
              }
            ],
            "repeated": 0,
            "id": 4072
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              },
              {
                "name": "ValueName",
                "value": "ShellState"
              },
              {
                "name": "Data",
                "value": "$\\x00\\x00\\x004(\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x13\\x00\\x00\\x00\\x00\\x00\\x00\\x00b\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellState"
              }
            ],
            "repeated": 0,
            "id": 4073
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 4074
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000005e8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 4075
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              },
              {
                "name": "ValueName",
                "value": "NoWebView"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoWebView"
              }
            ],
            "repeated": 0,
            "id": 4076
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 4077
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 4078
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000005e8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 4079
          },
          {
            "timestamp": "2026-05-28 21:41:49,676",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              },
              {
                "name": "ValueName",
                "value": "ClassicShell"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ClassicShell"
              }
            ],
            "repeated": 0,
            "id": 4080
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2acd5d32",
            "parentcaller": "0x7ffc2ace3fdd",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000060c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "\\Device\\DeviceApi\\CMApi"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "0"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4081
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2acd5d32",
            "parentcaller": "0x7ffc2ace3fdd",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\cfgmgr32"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2acd0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffc2ace3750"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 4082
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2d137830",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4083
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 4084
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 4085
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2d005921",
            "parentcaller": "0x7ffc2acd1ed1",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000060c"
              },
              {
                "name": "IoControlCode",
                "value": "0x00470807"
              },
              {
                "name": "InBuffer",
                "value": "(\\x00\\x00\\x00\\x00\\x00\\x01\\x00\rc\\xf5S\\xbf\\xb6\\xd0\\x11\\x94\\xf2\\x00\\xa0\\xc9\\x1e\\xfb\\x8b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00|\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00O\\x00R\\x00A\\x00G\\x00E\\x00#\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00#\\x00{\\x00e\\x003\\x002\\x00a\\x009\\x004\\x004\\x002\\x00-\\x005\\x00a\\x00f\\x002\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x00a\\x00e\\x002\\x00c\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00#\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x001\\x000\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00"
              }
            ],
            "repeated": 0,
            "id": 4086
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc28a15fb2",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000005e8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000608"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 4087
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc28a15ffc",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4088
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc28a15ffc",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              },
              {
                "name": "Milliseconds",
                "value": "1000"
              }
            ],
            "repeated": 0,
            "id": 4089
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 4090
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "ValueName",
                "value": "SeparateProcess"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\SeparateProcess"
              }
            ],
            "repeated": 0,
            "id": 4091
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 4092
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 4093
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12744",
            "caller": "0x7ffc28a4a151",
            "parentcaller": "0x7ffc28a327a5",
            "category": "filesystem",
            "api": "GetVolumeNameForVolumeMountPointW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "VolumeMountPoint",
                "value": "\\\\?\\STORAGE#Volume#{e32a9442-5af2-11f1-ae2c-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\"
              },
              {
                "name": "VolumeName",
                "value": "\\\\?\\Volume{528c102f-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 4094
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc28a1601a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 4095
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 4096
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "NoNetCrawling"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNetCrawling"
              }
            ],
            "repeated": 0,
            "id": 4097
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2b16b76b",
            "parentcaller": "0x7ffc2b16b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "ValueName",
                "value": "Data"
              },
              {
                "name": "Data",
                "value": "\\xd6\r\\x00\\x00\r\\xf0\\xad\\xba\\x01\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\x06\\xe7\\x03\\xff\\x00\\x00\\x00\\x16\\x00\\x00\\x00R\\xbd\\xbb\\x88\\x1e\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00O\\x00R\\x00A\\x00G\\x00E\\x00#\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00#\\x00{\\x00e\\x003\\x002\\x00a\\x009\\x004\\x004\\x002\\x00-\\x005\\x00a\\x00f\\x002\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x00a\\x00e\\x002\\x00c\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00#\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x001\\x000\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\
x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-100000000000}\\Data"
              }
            ],
            "repeated": 0,
            "id": 4098
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              }
            ],
            "repeated": 0,
            "id": 4099
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc28a2bfeb",
            "parentcaller": "0x7ffc28a159ad",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 4100
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc28a2f616",
            "parentcaller": "0x7ffc28a2bf43",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 4101
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc28a2bf7f",
            "parentcaller": "0x7ffc28a15a2d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000610"
              },
              {
                "name": "SubKey",
                "value": "{528c102f-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x000005e8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 4102
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc28a2bfa7",
            "parentcaller": "0x7ffc28a15a2d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 4103
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2b16b76b",
            "parentcaller": "0x7ffc2b16b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 4104
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc28a2bfeb",
            "parentcaller": "0x7ffc28a15a2d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 4105
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc28a15fb2",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000005e8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000610"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 4106
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12744",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc28a3286f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 4107
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005ec"
              },
              {
                "name": "SubKey",
                "value": "Advanced"
              },
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
              }
            ],
            "repeated": 0,
            "id": 4108
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12744",
            "caller": "0x7ffc28a4a151",
            "parentcaller": "0x7ffc28a327a5",
            "category": "filesystem",
            "api": "GetVolumeNameForVolumeMountPointW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "VolumeMountPoint",
                "value": "\\\\?\\STORAGE#Volume#{e32a9442-5af2-11f1-ae2c-806e6f6e6963}#0000000003300000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\"
              },
              {
                "name": "VolumeName",
                "value": "\\\\?\\Volume{528c102f-0000-0000-0000-300300000000}\\"
              }
            ],
            "repeated": 0,
            "id": 4109
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc28a1601a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 4110
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "Hidden"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden"
              }
            ],
            "repeated": 0,
            "id": 4111
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc28a2f616",
            "parentcaller": "0x7ffc28a2bf43",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x000005e8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 4112
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad83f4b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4113
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2ad83f76",
            "parentcaller": "0x7ffc2ae04fd4",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000608"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005e8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{528c102f-0000-0000-0000-300300000000}\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-300300000000}\\"
              }
            ],
            "repeated": 0,
            "id": 4114
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc28a2bfa7",
            "parentcaller": "0x7ffc28a159ad",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 4115
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2b16b76b",
            "parentcaller": "0x7ffc2b16b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              },
              {
                "name": "ValueName",
                "value": "Data"
              },
              {
                "name": "Data",
                "value": "\\xd6\r\\x00\\x00\r\\xf0\\xad\\xbaA\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\x06\\xe7\\x03\\xff\\x00\\x00\\x00\\x16\\x00\\x00\\x00&\\x00\\xbc\\x12\\x1f\\x00\\x00\\x00\\x04@\\x00\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00O\\x00R\\x00A\\x00G\\x00E\\x00#\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00#\\x00{\\x00e\\x003\\x002\\x00a\\x009\\x004\\x004\\x002\\x00-\\x005\\x00a\\x00f\\x002\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x00a\\x00e\\x002\\x00c\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00#\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x003\\x003\\x000\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00
\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-300300000000}\\Data"
              }
            ],
            "repeated": 0,
            "id": 4116
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 4117
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc28a2f616",
            "parentcaller": "0x7ffc28a2bf43",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00000608"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 4118
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc28a2bf7f",
            "parentcaller": "0x7ffc28a15a2d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000608"
              },
              {
                "name": "SubKey",
                "value": "{528c102f-0000-0000-0000-300300000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x000005e8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-300300000000}\\"
              }
            ],
            "repeated": 0,
            "id": 4119
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc28a2bfa7",
            "parentcaller": "0x7ffc28a15a2d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 4120
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "DontPrettyPath"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\DontPrettyPath"
              }
            ],
            "repeated": 0,
            "id": 4121
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2b16b76b",
            "parentcaller": "0x7ffc2b16b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-300300000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 4122
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc28a2bfeb",
            "parentcaller": "0x7ffc28a15a2d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 4123
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc28a15fb2",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000005e8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000608"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 4124
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc28a15ffc",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4125
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc28a15ffc",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              },
              {
                "name": "Milliseconds",
                "value": "1000"
              }
            ],
            "repeated": 0,
            "id": 4126
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12744",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc28a3286f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 4127
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "ShowInfoTip"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowInfoTip"
              }
            ],
            "repeated": 0,
            "id": 4128
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12744",
            "caller": "0x7ffc28a4a151",
            "parentcaller": "0x7ffc28a327a5",
            "category": "filesystem",
            "api": "GetVolumeNameForVolumeMountPointW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "VolumeMountPoint",
                "value": "\\\\?\\STORAGE#Volume#{e32a9442-5af2-11f1-ae2c-806e6f6e6963}#0000000EDDC00000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\"
              },
              {
                "name": "VolumeName",
                "value": "\\\\?\\Volume{528c102f-0000-0000-0000-c0dd0e000000}\\"
              }
            ],
            "repeated": 0,
            "id": 4129
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc28a1601a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 4130
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "HideIcons"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideIcons"
              }
            ],
            "repeated": 0,
            "id": 4131
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc28a2f616",
            "parentcaller": "0x7ffc28a2bf43",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x000005e8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 4132
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc28a2bf7f",
            "parentcaller": "0x7ffc28a159ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005e8"
              },
              {
                "name": "SubKey",
                "value": "{528c102f-0000-0000-0000-c0dd0e000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-c0dd0e000000}\\"
              }
            ],
            "repeated": 0,
            "id": 4133
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc28a2bfa7",
            "parentcaller": "0x7ffc28a159ad",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 4134
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "MapNetDrvBtn"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\MapNetDrvBtn"
              }
            ],
            "repeated": 0,
            "id": 4135
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2b16b76b",
            "parentcaller": "0x7ffc2b16b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "ValueName",
                "value": "Data"
              },
              {
                "name": "Data",
                "value": "\\xd6\r\\x00\\x00\r\\xf0\\xad\\xba\\x01\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\x06\\xe7\\x03\\xff\\x00\\x00\\x00\\x16\\x00\\x00\\x00\\x9d\\x7f\\xd7`\\x1e\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00O\\x00R\\x00A\\x00G\\x00E\\x00#\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00#\\x00{\\x00e\\x003\\x002\\x00a\\x009\\x004\\x004\\x002\\x00-\\x005\\x00a\\x00f\\x002\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x00a\\x00e\\x002\\x00c\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00#\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00E\\x00D\\x00D\\x00C\\x000\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\
x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-c0dd0e000000}\\Data"
              }
            ],
            "repeated": 0,
            "id": 4136
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc28a2bfeb",
            "parentcaller": "0x7ffc28a159ad",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 4137
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "WebView"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\WebView"
              }
            ],
            "repeated": 0,
            "id": 4138
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc28a2f616",
            "parentcaller": "0x7ffc28a2bf43",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 4139
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc28a2bf7f",
            "parentcaller": "0x7ffc28a15a2d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000610"
              },
              {
                "name": "SubKey",
                "value": "{528c102f-0000-0000-0000-c0dd0e000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x000005e8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-c0dd0e000000}\\"
              }
            ],
            "repeated": 0,
            "id": 4140
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc28a2bfa7",
            "parentcaller": "0x7ffc28a15a2d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 4141
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "Filter"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Filter"
              }
            ],
            "repeated": 0,
            "id": 4142
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2b16b76b",
            "parentcaller": "0x7ffc2b16b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-c0dd0e000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 4143
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc28a2bfeb",
            "parentcaller": "0x7ffc28a15a2d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 4144
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc28a15fb2",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000005e8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000610"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 4145
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc28a15ffc",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4146
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc28a15ffc",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              },
              {
                "name": "Milliseconds",
                "value": "1000"
              }
            ],
            "repeated": 0,
            "id": 4147
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12744",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc28a3286f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 4148
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "ShowSuperHidden"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowSuperHidden"
              }
            ],
            "repeated": 0,
            "id": 4149
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "SeparateProcess"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\SeparateProcess"
              }
            ],
            "repeated": 0,
            "id": 4150
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12744",
            "caller": "0x7ffc28a4a151",
            "parentcaller": "0x7ffc28a327a5",
            "category": "filesystem",
            "api": "GetVolumeNameForVolumeMountPointW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "VolumeMountPoint",
                "value": "\\\\?\\SCSI#CdRom&Ven_<WOOT>&Prod_HL-PQ-SV_WB8#4&35424867&0&010000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\"
              },
              {
                "name": "VolumeName",
                "value": "\\\\?\\Volume{e32a94c0-5af2-11f1-ae2c-806e6f6e6963}\\"
              }
            ],
            "repeated": 0,
            "id": 4151
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 4152
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2ad83a9c",
            "parentcaller": "0x7ffc2ad83529",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4153
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad83f4b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4154
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2ad83f76",
            "parentcaller": "0x7ffc2ae04fd4",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 4155
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc28a2bf7f",
            "parentcaller": "0x7ffc28a159ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005e8"
              },
              {
                "name": "SubKey",
                "value": "{e32a94c0-5af2-11f1-ae2c-806e6f6e6963}\\"
              },
              {
                "name": "Handle",
                "value": "0x00000608"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e32a94c0-5af2-11f1-ae2c-806e6f6e6963}\\"
              }
            ],
            "repeated": 0,
            "id": 4156
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2ad843a6",
            "parentcaller": "0x7ffc28a2bfa7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 4157
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2b16b76b",
            "parentcaller": "0x7ffc2b16b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              },
              {
                "name": "ValueName",
                "value": "Data"
              },
              {
                "name": "Data",
                "value": "\\xd6\r\\x00\\x00\r\\xf0\\xad\\xba\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x80#\\x00\\x00\\x00\\x07\\x02H\\x01\\xfe\\x00\\x00\\x00\\x11\\x00\\x00\\x00x\\x00'\\xca\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00C\\x00S\\x00I\\x00#\\x00C\\x00d\\x00R\\x00o\\x00m\\x00&\\x00V\\x00e\\x00n\\x00_\\x00<\\x00W\\x00O\\x00O\\x00T\\x00>\\x00&\\x00P\\x00r\\x00o\\x00d\\x00_\\x00H\\x00L\\x00-\\x00P\\x00Q\\x00-\\x00S\\x00V\\x00_\\x00W\\x00B\\x008\\x00#\\x004\\x00&\\x003\\x005\\x004\\x002\\x004\\x008\\x006\\x007\\x00&\\x000\\x00&\\x000\\x001\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00
\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e32a94c0-5af2-11f1-ae2c-806e6f6e6963}\\Data"
              }
            ],
            "repeated": 0,
            "id": 4158
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2ad843a6",
            "parentcaller": "0x7ffc28a2bfeb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 4159
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "IconsOnly"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\IconsOnly"
              }
            ],
            "repeated": 0,
            "id": 4160
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc28a2f616",
            "parentcaller": "0x7ffc28a2bf43",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00000608"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 4161
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc28a2bf7f",
            "parentcaller": "0x7ffc28a15a2d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000608"
              },
              {
                "name": "SubKey",
                "value": "{e32a94c0-5af2-11f1-ae2c-806e6f6e6963}\\"
              },
              {
                "name": "Handle",
                "value": "0x000005e8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e32a94c0-5af2-11f1-ae2c-806e6f6e6963}\\"
              }
            ],
            "repeated": 0,
            "id": 4162
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc28a2bfa7",
            "parentcaller": "0x7ffc28a15a2d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 4163
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "ShowTypeOverlay"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowTypeOverlay"
              }
            ],
            "repeated": 0,
            "id": 4164
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2b16b76b",
            "parentcaller": "0x7ffc2b16b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e32a94c0-5af2-11f1-ae2c-806e6f6e6963}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 4165
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc28a2bfeb",
            "parentcaller": "0x7ffc28a15a2d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 4166
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "ShowStatusBar"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowStatusBar"
              }
            ],
            "repeated": 0,
            "id": 4167
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4168
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              }
            ],
            "repeated": 0,
            "id": 4169
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2ad9f55e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 4170
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000618"
              }
            ],
            "repeated": 0,
            "id": 4171
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4172
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4173
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2ad9f54e",
            "parentcaller": "0x7ffc28a1626d",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005e8"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x005\\x002\\x008\\x00c\\x001\\x000\\x002\\x00f\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x001\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4174
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2ad9f55e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 4175
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4176
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              }
            ],
            "repeated": 0,
            "id": 4177
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4178
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2ad9f54e",
            "parentcaller": "0x7ffc28a1620d",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005e8"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x005\\x002\\x008\\x00c\\x001\\x000\\x002\\x00f\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x003\\x000\\x000\\x003\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x08\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4179
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2ad9f6dd",
            "parentcaller": "0x7ffc28a1620d",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005e8"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x005\\x002\\x008\\x00c\\x001\\x000\\x002\\x00f\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x003\\x000\\x000\\x003\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x08\\x00\\x00\\x00C\\x00:\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4180
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2ad9f55e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 4181
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Directory"
              },
              {
                "name": "Handle",
                "value": "0x0000061a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Directory"
              }
            ],
            "repeated": 0,
            "id": 4182
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4183
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2ad9f54e",
            "parentcaller": "0x7ffc28a1626d",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005e8"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x005\\x002\\x008\\x00c\\x001\\x000\\x002\\x00f\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x003\\x000\\x000\\x003\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x08\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4184
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2ad9f6dd",
            "parentcaller": "0x7ffc28a1626d",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005e8"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x005\\x002\\x008\\x00c\\x001\\x000\\x002\\x00f\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x003\\x000\\x000\\x003\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x08\\x00\\x00\\x00C\\x00:\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4185
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2ad9f55e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 4186
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000061a"
              },
              {
                "name": "SubKey",
                "value": "ShellEx\\IconHandler"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\ShellEx\\IconHandler"
              }
            ],
            "repeated": 0,
            "id": 4187
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc28969591",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 4188
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4189
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2ad9f54e",
            "parentcaller": "0x7ffc28a1620d",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005e8"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x005\\x002\\x008\\x00c\\x001\\x000\\x002\\x00f\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x00c\\x000\\x00d\\x00d\\x000\\x00e\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4190
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ffc2b161596",
            "parentcaller": "0x7ffc2b20668d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Folder"
              },
              {
                "name": "Handle",
                "value": "0x0000061e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Folder"
              }
            ],
            "repeated": 0,
            "id": 4191
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4192
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000061e"
              },
              {
                "name": "SubKey",
                "value": "ShellEx\\IconHandler"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\ShellEx\\IconHandler"
              }
            ],
            "repeated": 0,
            "id": 4193
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4194
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2ad9f54e",
            "parentcaller": "0x7ffc28a1620d",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005e8"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x00e\\x003\\x002\\x00a\\x009\\x004\\x00c\\x000\\x00-\\x005\\x00a\\x00f\\x002\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x00a\\x00e\\x002\\x00c\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x08\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4195
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2ad9f6dd",
            "parentcaller": "0x7ffc28a1620d",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000005e8"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x00e\\x003\\x002\\x00a\\x009\\x004\\x00c\\x000\\x00-\\x005\\x00a\\x00f\\x002\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x00a\\x00e\\x002\\x00c\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x08\\x00\\x00\\x00D\\x00:\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4196
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2ad9f55e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 4197
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4198
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000622"
              },
              {
                "name": "SubKey",
                "value": "ShellEx\\IconHandler"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\ShellEx\\IconHandler"
              }
            ],
            "repeated": 0,
            "id": 4199
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2adc026b",
            "parentcaller": "0x7ffc2896956d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 4200
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2ad854eb",
            "parentcaller": "0x7ffc2896a4ff",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xed\\xaa\\x07+\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4201
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12748",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc28969591",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 4202
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12744",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc28a3286f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 4203
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000061a"
              },
              {
                "name": "ValueName",
                "value": "DocObject"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 4204
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000061a"
              },
              {
                "name": "SubKey",
                "value": "DocObject"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 4205
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000061e"
              },
              {
                "name": "ValueName",
                "value": "DocObject"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 4206
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000061e"
              },
              {
                "name": "SubKey",
                "value": "DocObject"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 4207
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000622"
              },
              {
                "name": "ValueName",
                "value": "DocObject"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 4208
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000622"
              },
              {
                "name": "SubKey",
                "value": "DocObject"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 4209
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000061a"
              },
              {
                "name": "ValueName",
                "value": "BrowseInPlace"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 4210
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000061a"
              },
              {
                "name": "SubKey",
                "value": "BrowseInPlace"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 4211
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000061e"
              },
              {
                "name": "ValueName",
                "value": "BrowseInPlace"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 4212
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000061e"
              },
              {
                "name": "SubKey",
                "value": "BrowseInPlace"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 4213
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000622"
              },
              {
                "name": "ValueName",
                "value": "BrowseInPlace"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 4214
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000622"
              },
              {
                "name": "SubKey",
                "value": "BrowseInPlace"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 4215
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000061a"
              },
              {
                "name": "SubKey",
                "value": "Clsid"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\Clsid"
              }
            ],
            "repeated": 0,
            "id": 4216
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000061e"
              },
              {
                "name": "SubKey",
                "value": "Clsid"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\Clsid"
              }
            ],
            "repeated": 0,
            "id": 4217
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000622"
              },
              {
                "name": "SubKey",
                "value": "Clsid"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\Clsid"
              }
            ],
            "repeated": 0,
            "id": 4218
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000061a"
              },
              {
                "name": "ValueName",
                "value": "IsShortcut"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\IsShortcut"
              }
            ],
            "repeated": 0,
            "id": 4219
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000061e"
              },
              {
                "name": "ValueName",
                "value": "IsShortcut"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\IsShortcut"
              }
            ],
            "repeated": 0,
            "id": 4220
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000622"
              },
              {
                "name": "ValueName",
                "value": "IsShortcut"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\IsShortcut"
              }
            ],
            "repeated": 0,
            "id": 4221
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000061a"
              },
              {
                "name": "ValueName",
                "value": "AlwaysShowExt"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\AlwaysShowExt"
              }
            ],
            "repeated": 0,
            "id": 4222
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000061a"
              },
              {
                "name": "ValueName",
                "value": "NeverShowExt"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\NeverShowExt"
              }
            ],
            "repeated": 0,
            "id": 4223
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000061e"
              },
              {
                "name": "ValueName",
                "value": "NeverShowExt"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\NeverShowExt"
              }
            ],
            "repeated": 0,
            "id": 4224
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000622"
              },
              {
                "name": "ValueName",
                "value": "NeverShowExt"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\NeverShowExt"
              }
            ],
            "repeated": 0,
            "id": 4225
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000061a"
              }
            ],
            "repeated": 0,
            "id": 4226
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000061e"
              }
            ],
            "repeated": 0,
            "id": 4227
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000622"
              }
            ],
            "repeated": 0,
            "id": 4228
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29026000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4229
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29026000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4230
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000620"
              }
            ],
            "repeated": 0,
            "id": 4231
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4232
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\x81\\xd9\\x93P\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4233
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000061c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 4234
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000061c"
              },
              {
                "name": "SubKey",
                "value": "{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}"
              },
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}"
              }
            ],
            "repeated": 0,
            "id": 4235
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000061c"
              }
            ],
            "repeated": 0,
            "id": 4236
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Category"
              }
            ],
            "repeated": 0,
            "id": 4237
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Start Menu"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Name"
              }
            ],
            "repeated": 0,
            "id": 4238
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 4239
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Description"
              }
            ],
            "repeated": 0,
            "id": 4240
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Windows\\Start Menu"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 4241
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 4242
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 4243
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21786"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 4244
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 4245
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Security"
              }
            ],
            "repeated": 0,
            "id": 4246
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 4247
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 4248
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 4249
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 4250
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 4251
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 4252
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 4253
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 4254
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 4255
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 4256
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 4257
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000618"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 4258
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              }
            ],
            "repeated": 0,
            "id": 4259
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005ec"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\1"
              },
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1"
              }
            ],
            "repeated": 0,
            "id": 4260
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000618"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 4261
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              }
            ],
            "repeated": 0,
            "id": 4262
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0}\\xd9\\x93P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x80\\x18\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4263
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000618"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 4264
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000618"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x0000061c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 4265
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              }
            ],
            "repeated": 0,
            "id": 4266
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000061c"
              },
              {
                "name": "ValueName",
                "value": "Start Menu"
              },
              {
                "name": "Data",
                "value": "%USERPROFILE%\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Start Menu"
              }
            ],
            "repeated": 0,
            "id": 4267
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              }
            ],
            "repeated": 0,
            "id": 4268
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000061c"
              }
            ],
            "repeated": 0,
            "id": 4269
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000061c"
              }
            ],
            "repeated": 0,
            "id": 4270
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4271
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\x81\\xd9\\x93P\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4272
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000620"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 4273
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000620"
              },
              {
                "name": "SubKey",
                "value": "{A4115719-D62E-491D-AA7C-E74B8BE3B067}"
              },
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}"
              }
            ],
            "repeated": 0,
            "id": 4274
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              }
            ],
            "repeated": 0,
            "id": 4275
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Category"
              }
            ],
            "repeated": 0,
            "id": 4276
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Common Start Menu"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Name"
              }
            ],
            "repeated": 0,
            "id": 4277
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 4278
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Description"
              }
            ],
            "repeated": 0,
            "id": 4279
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Windows\\Start Menu"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 4280
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 4281
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 4282
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21786"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 4283
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 4284
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Security"
              }
            ],
            "repeated": 0,
            "id": 4285
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 4286
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 4287
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 4288
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 4289
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 4290
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 4291
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 4292
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 4293
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 4294
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 4295
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 4296
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000618"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 4297
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              }
            ],
            "repeated": 0,
            "id": 4298
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005ec"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\1"
              },
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1"
              }
            ],
            "repeated": 0,
            "id": 4299
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000618"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 4300
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              }
            ],
            "repeated": 0,
            "id": 4301
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 4302
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "Common Start Menu"
              },
              {
                "name": "Data",
                "value": "%ProgramData%\\Microsoft\\Windows\\Start Menu"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Common Start Menu"
              }
            ],
            "repeated": 0,
            "id": 4303
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07adf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4304
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000061c"
              }
            ],
            "repeated": 0,
            "id": 4305
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              }
            ],
            "repeated": 0,
            "id": 4306
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000618"
              }
            ],
            "repeated": 0,
            "id": 4307
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4308
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\x81\\xd9\\x93P\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4309
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000061c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 4310
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000061c"
              },
              {
                "name": "SubKey",
                "value": "{AE50C081-EBD2-438A-8655-8A092E34987A}"
              },
              {
                "name": "Handle",
                "value": "0x00000620"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}"
              }
            ],
            "repeated": 0,
            "id": 4311
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000061c"
              }
            ],
            "repeated": 0,
            "id": 4312
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Category"
              }
            ],
            "repeated": 0,
            "id": 4313
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Recent"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Name"
              }
            ],
            "repeated": 0,
            "id": 4314
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 4315
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Description"
              }
            ],
            "repeated": 0,
            "id": 4316
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Windows\\Recent"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 4317
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 4318
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "Data",
                "value": "@shell32,dll,-12692"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 4319
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21797"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 4320
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-117"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 4321
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Security"
              }
            ],
            "repeated": 0,
            "id": 4322
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 4323
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 4324
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 4325
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 4326
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 4327
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 4328
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 4329
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 4330
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 4331
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 4332
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 4333
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000620"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 4334
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              }
            ],
            "repeated": 0,
            "id": 4335
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005ec"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\1"
              },
              {
                "name": "Handle",
                "value": "0x00000620"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1"
              }
            ],
            "repeated": 0,
            "id": 4336
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000620"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 4337
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              }
            ],
            "repeated": 0,
            "id": 4338
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0}\\xd9\\x93P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x80 \\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4339
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000620"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 4340
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000620"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x0000061c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 4341
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              }
            ],
            "repeated": 0,
            "id": 4342
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000061c"
              },
              {
                "name": "ValueName",
                "value": "Recent"
              },
              {
                "name": "Data",
                "value": "%USERPROFILE%\\AppData\\Roaming\\Microsoft\\Windows\\Recent"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Recent"
              }
            ],
            "repeated": 0,
            "id": 4343
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              }
            ],
            "repeated": 0,
            "id": 4344
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000061c"
              }
            ],
            "repeated": 0,
            "id": 4345
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000061c"
              }
            ],
            "repeated": 0,
            "id": 4346
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4347
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\x81\\xd9\\x93P\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4348
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 4349
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000618"
              },
              {
                "name": "SubKey",
                "value": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
              },
              {
                "name": "Handle",
                "value": "0x00000620"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
              }
            ],
            "repeated": 0,
            "id": 4350
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              }
            ],
            "repeated": 0,
            "id": 4351
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Category"
              }
            ],
            "repeated": 0,
            "id": 4352
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Windows"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Name"
              }
            ],
            "repeated": 0,
            "id": 4353
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 4354
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Description"
              }
            ],
            "repeated": 0,
            "id": 4355
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 4356
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 4357
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 4358
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 4359
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 4360
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Security"
              }
            ],
            "repeated": 0,
            "id": 4361
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 4362
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 4363
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 4364
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 4365
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 4366
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 4367
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 4368
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 4369
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 4370
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 4371
          },
          {
            "timestamp": "2026-05-28 21:41:49,691",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 4372
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000620"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 4373
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              }
            ],
            "repeated": 0,
            "id": 4374
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000061c"
              }
            ],
            "repeated": 0,
            "id": 4375
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000061c"
              }
            ],
            "repeated": 0,
            "id": 4376
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4377
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\x81\\xd9\\x93P\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4378
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000620"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 4379
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000620"
              },
              {
                "name": "SubKey",
                "value": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
              },
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
              }
            ],
            "repeated": 0,
            "id": 4380
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              }
            ],
            "repeated": 0,
            "id": 4381
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Category"
              }
            ],
            "repeated": 0,
            "id": 4382
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "System"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Name"
              }
            ],
            "repeated": 0,
            "id": 4383
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 4384
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Description"
              }
            ],
            "repeated": 0,
            "id": 4385
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 4386
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 4387
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 4388
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 4389
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 4390
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Security"
              }
            ],
            "repeated": 0,
            "id": 4391
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 4392
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 4393
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 4394
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 4395
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 4396
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 4397
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 4398
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 4399
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 4400
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 4401
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 4402
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000618"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000620"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 4403
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              }
            ],
            "repeated": 0,
            "id": 4404
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000061c"
              }
            ],
            "repeated": 0,
            "id": 4405
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000061c"
              }
            ],
            "repeated": 0,
            "id": 4406
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4407
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\x81\\xd9\\x93P\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4408
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 4409
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000618"
              },
              {
                "name": "SubKey",
                "value": "{FDD39AD0-238F-46AF-ADB4-6C85480369C7}"
              },
              {
                "name": "Handle",
                "value": "0x00000624"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}"
              }
            ],
            "repeated": 0,
            "id": 4410
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              }
            ],
            "repeated": 0,
            "id": 4411
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Category"
              }
            ],
            "repeated": 0,
            "id": 4412
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Personal"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Name"
              }
            ],
            "repeated": 0,
            "id": 4413
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 4414
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Description"
              }
            ],
            "repeated": 0,
            "id": 4415
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Documents"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 4416
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 4417
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 4418
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\windows.storage.dll,-21770"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 4419
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-112"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 4420
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Security"
              }
            ],
            "repeated": 0,
            "id": 4421
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 4422
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 4423
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 4424
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 4425
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 4426
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 4427
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 4428
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 4429
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 4430
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 4431
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 4432
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000624"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 4433
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              }
            ],
            "repeated": 0,
            "id": 4434
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005ec"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\1"
              },
              {
                "name": "Handle",
                "value": "0x00000624"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1"
              }
            ],
            "repeated": 0,
            "id": 4435
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000624"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 4436
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              }
            ],
            "repeated": 0,
            "id": 4437
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0}\\xd9\\x93P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x80$\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4438
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000624"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 4439
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000624"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x00000628"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 4440
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              }
            ],
            "repeated": 0,
            "id": 4441
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000628"
              },
              {
                "name": "ValueName",
                "value": "Personal"
              },
              {
                "name": "Data",
                "value": "%USERPROFILE%\\Documents"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Personal"
              }
            ],
            "repeated": 0,
            "id": 4442
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000061c"
              }
            ],
            "repeated": 0,
            "id": 4443
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000628"
              }
            ],
            "repeated": 0,
            "id": 4444
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000628"
              }
            ],
            "repeated": 0,
            "id": 4445
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4446
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\x81\\xd9\\x93P\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4447
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000061c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 4448
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000061c"
              },
              {
                "name": "SubKey",
                "value": "{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}"
              },
              {
                "name": "Handle",
                "value": "0x00000624"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}"
              }
            ],
            "repeated": 0,
            "id": 4449
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000061c"
              }
            ],
            "repeated": 0,
            "id": 4450
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Category"
              }
            ],
            "repeated": 0,
            "id": 4451
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Fonts"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Name"
              }
            ],
            "repeated": 0,
            "id": 4452
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 4453
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Description"
              }
            ],
            "repeated": 0,
            "id": 4454
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 4455
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 4456
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 4457
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 4458
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 4459
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Security"
              }
            ],
            "repeated": 0,
            "id": 4460
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 4461
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 4462
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 4463
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 4464
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 4465
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 4466
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 4467
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 4468
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 4469
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 4470
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 4471
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000624"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x0000061c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 4472
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              }
            ],
            "repeated": 0,
            "id": 4473
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000628"
              }
            ],
            "repeated": 0,
            "id": 4474
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4475
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4476
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4477
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000628"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:12320:120:WilError_03"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4478
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000628"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4479
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4480
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4481
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4482
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000062c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4483
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000062c"
              }
            ],
            "repeated": 0,
            "id": 4484
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              }
            ],
            "repeated": 0,
            "id": 4485
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000628"
              }
            ],
            "repeated": 0,
            "id": 4486
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000628"
              }
            ],
            "repeated": 0,
            "id": 4487
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000628"
              }
            ],
            "repeated": 0,
            "id": 4488
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4489
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4490
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000628"
              }
            ],
            "repeated": 0,
            "id": 4491
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Directory"
              },
              {
                "name": "Handle",
                "value": "0x0000062a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Directory"
              }
            ],
            "repeated": 0,
            "id": 4492
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000062a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\Directory"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4493
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000062a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 1,
            "id": 4494
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000062a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ShellEx\\PropertyHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\ShellEx\\PropertyHandler"
              }
            ],
            "repeated": 0,
            "id": 4495
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\Directory\\ShellEx\\PropertyHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory\\ShellEx\\PropertyHandler"
              }
            ],
            "repeated": 0,
            "id": 4496
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Folder"
              },
              {
                "name": "Handle",
                "value": "0x00000626"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Folder"
              }
            ],
            "repeated": 0,
            "id": 4497
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000626"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Folder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4498
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000626"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4499
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xb1\\xd9\\x93P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00&\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00P\\x00\\x00\\x00\\xd0\\xb2\\xd9\\x93P\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4500
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\Folder\\ShellEx\\PropertyHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Folder\\ShellEx\\PropertyHandler"
              }
            ],
            "repeated": 0,
            "id": 4501
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000626"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4502
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000626"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ShellEx\\PropertyHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\ShellEx\\PropertyHandler"
              }
            ],
            "repeated": 0,
            "id": 4503
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "AllFilesystemObjects"
              },
              {
                "name": "Handle",
                "value": "0x0000062e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\AllFilesystemObjects"
              }
            ],
            "repeated": 0,
            "id": 4504
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000062e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4505
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000062e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4506
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xb1\\xd9\\x93P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00.\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00P\\x00\\x00\\x00\\xd0\\xb2\\xd9\\x93P\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4507
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\AllFilesystemObjects\\ShellEx\\PropertyHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\AllFilesystemObjects\\ShellEx\\PropertyHandler"
              }
            ],
            "repeated": 0,
            "id": 4508
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000062e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4509
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000062e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ShellEx\\PropertyHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\ShellEx\\PropertyHandler"
              }
            ],
            "repeated": 0,
            "id": 4510
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000062a"
              }
            ],
            "repeated": 0,
            "id": 4511
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000626"
              }
            ],
            "repeated": 0,
            "id": 4512
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000062e"
              }
            ],
            "repeated": 0,
            "id": 4513
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x0000062c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 4514
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000062c"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4515
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000062c"
              }
            ],
            "repeated": 0,
            "id": 4516
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Drive\\shellex\\FolderExtensions"
              },
              {
                "name": "Handle",
                "value": "0x0000062e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Drive\\shellex\\FolderExtensions"
              }
            ],
            "repeated": 0,
            "id": 4517
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000062e"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "{fbeb8a05-beee-4442-804e-409d6c4515e9}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
              }
            ],
            "repeated": 0,
            "id": 4518
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
              },
              {
                "name": "Handle",
                "value": "0x00000626"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
              }
            ],
            "repeated": 0,
            "id": 4519
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000626"
              },
              {
                "name": "ValueName",
                "value": "DriveMask"
              },
              {
                "name": "Data",
                "value": "32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\DriveMask"
              }
            ],
            "repeated": 0,
            "id": 4520
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000626"
              }
            ],
            "repeated": 0,
            "id": 4521
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000062e"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\"
              }
            ],
            "repeated": 0,
            "id": 4522
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000062e"
              }
            ],
            "repeated": 0,
            "id": 4523
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000624"
              }
            ],
            "repeated": 0,
            "id": 4524
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4525
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              }
            ],
            "repeated": 0,
            "id": 4526
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9CFC2DF3-6BA3-46EF-A836-E519E81F0EC4"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4527
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4528
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x000005e8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 4529
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e8"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4530
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 4531
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemoryEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b07aff000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4532
          },
          {
            "timestamp": "2026-05-28 21:41:49,707",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\windows.storage.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc288b0000"
              }
            ],
            "repeated": 0,
            "id": 4533
          },
          {
            "timestamp": "2026-05-28 21:41:49,723",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 4534
          },
          {
            "timestamp": "2026-05-28 21:41:49,723",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe\\LocalState\\ToastCollectionIcons\\*"
              }
            ],
            "repeated": 0,
            "id": 4535
          },
          {
            "timestamp": "2026-05-28 21:41:49,723",
            "thread_id": "12756",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2b4a2ec5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              }
            ],
            "repeated": 1,
            "id": 4536
          },
          {
            "timestamp": "2026-05-28 21:41:49,723",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00056000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4537
          },
          {
            "timestamp": "2026-05-28 21:41:49,723",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00p\\x00\\x00\\x00\\xad\\x8c\\xa0 \\x00\\x00\\x00\\x00\\x18\\x00\\x14\\x00\\x00\\x00\\x00\\x00\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00+\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00}\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "112"
              }
            ],
            "repeated": 0,
            "id": 4538
          },
          {
            "timestamp": "2026-05-28 21:41:49,723",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4539
          },
          {
            "timestamp": "2026-05-28 21:41:49,723",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e0"
              },
              {
                "name": "Milliseconds",
                "value": "4891"
              }
            ],
            "repeated": 0,
            "id": 4540
          },
          {
            "timestamp": "2026-05-28 21:41:49,723",
            "thread_id": "12680",
            "caller": "0x7ffc2ad85810",
            "parentcaller": "0x7ffbbfa6f3bb",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000103",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00p\\x00\\x00\\x00Q\\x8d\\xa0 \\x00\\x00\\x00\\x00\\x18\\x00\\x14\\x00\\x00\\x00\\x00\\x00#\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00+\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00}\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "112"
              }
            ],
            "repeated": 0,
            "id": 4541
          },
          {
            "timestamp": "2026-05-28 21:41:49,723",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00p\\x00\\x00\\x00;\\x8e\\xa0 \\x00\\x00\\x00\\x00\\x18\\x00\\x14\\x00\\x00\\x00\\x00\\x00#\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00+\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00{\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "112"
              }
            ],
            "repeated": 0,
            "id": 4542
          },
          {
            "timestamp": "2026-05-28 21:41:49,723",
            "thread_id": "12756",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2b4a2ec5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              }
            ],
            "repeated": 7,
            "id": 4543
          },
          {
            "timestamp": "2026-05-28 21:41:49,723",
            "thread_id": "12756",
            "caller": "0x7ffc2ad808ee",
            "parentcaller": "0x7ffc2b4c8bd7",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "12320"
              }
            ],
            "repeated": 0,
            "id": 4544
          },
          {
            "timestamp": "2026-05-28 21:41:49,723",
            "thread_id": "12756",
            "caller": "0x7ffc2adc026b",
            "parentcaller": "0x7ffc2ad8cbb0",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 4545
          },
          {
            "timestamp": "2026-05-28 21:41:49,723",
            "thread_id": "12756",
            "caller": "0x7ffc2ad8aa1f",
            "parentcaller": "0x7ffc2ad8cb7c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4546
          },
          {
            "timestamp": "2026-05-28 21:41:49,723",
            "thread_id": "12756",
            "caller": "0x7ffc2ad8aaa8",
            "parentcaller": "0x7ffc2ad8cb7c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00P\\xe0\\xae\\x07+\\x02\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\xf0\\xe0\\xae\\x07+\\x02\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xe1\\xae\\x07+\\x02\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00$\\xe2\\xae\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x008\\xe2\\xae\\x07+\\x02\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00@\\xe2\\xae\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xe2\\xae\\x07+\\x02\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00h\\xe2\\xae\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\xe2\\xae\\x07+\\x02\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\x86\\x00\\x86\\x00\\x00\\x00\\x00\\x00@\\xe1\\xae\\x07+\\x02\\x00\\x00\\x06\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\xc6\\xe1\\xae\\x07+\\x02\\x00\\x00X\\x00X\\x00\\x00\\x00\\x00\\x00\\xcc\\xe1\\xae\\x07+\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4547
          },
          {
            "timestamp": "2026-05-28 21:41:49,723",
            "thread_id": "12756",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2ad8cbbe",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 4548
          },
          {
            "timestamp": "2026-05-28 21:41:49,723",
            "thread_id": "12756",
            "caller": "0x7ffc2adc026b",
            "parentcaller": "0x7ffc2ad8cbb0",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 4549
          },
          {
            "timestamp": "2026-05-28 21:41:49,723",
            "thread_id": "12756",
            "caller": "0x7ffc2ad8aa1f",
            "parentcaller": "0x7ffc2ad8cb7c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4550
          },
          {
            "timestamp": "2026-05-28 21:41:49,723",
            "thread_id": "12756",
            "caller": "0x7ffc2ad8aaa8",
            "parentcaller": "0x7ffc2ad8cb7c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00P\\xe0\\xae\\x07+\\x02\\x00\\x00\\x1c\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\xf0\\xe0\\xae\\x07+\\x02\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xe1\\xae\\x07+\\x02\\x00\\x00\\x12\\x00\\x12\\x00\\x00\\x00\\x00\\x00$\\xe2\\xae\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x008\\xe2\\xae\\x07+\\x02\\x00\\x00\\x1e\\x00\\x1e\\x00\\x00\\x00\\x00\\x00@\\xe2\\xae\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xe2\\xae\\x07+\\x02\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00h\\xe2\\xae\\x07+\\x02\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\xe2\\xae\\x07+\\x02\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00S\\x00Y\\x00S\\x00A\\x00P\\x00P\\x00I\\x00D\\x00\\x00\\x00\\x00\\x00\\x86\\x00\\x86\\x00\\x00\\x00\\x00\\x00@\\xe1\\xae\\x07+\\x02\\x00\\x00\\x06\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\xc6\\xe1\\xae\\x07+\\x02\\x00\\x00X\\x00X\\x00\\x00\\x00\\x00\\x00\\xcc\\xe1\\xae\\x07+\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4551
          },
          {
            "timestamp": "2026-05-28 21:41:49,723",
            "thread_id": "12756",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2ad8cbbe",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 4552
          },
          {
            "timestamp": "2026-05-28 21:41:49,723",
            "thread_id": "12756",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc168a9183",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              }
            ],
            "repeated": 0,
            "id": 4553
          },
          {
            "timestamp": "2026-05-28 21:41:49,723",
            "thread_id": "12756",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4554
          },
          {
            "timestamp": "2026-05-28 21:41:49,723",
            "thread_id": "12756",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4555
          },
          {
            "timestamp": "2026-05-28 21:41:49,723",
            "thread_id": "12756",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4556
          },
          {
            "timestamp": "2026-05-28 21:41:49,723",
            "thread_id": "12756",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4557
          },
          {
            "timestamp": "2026-05-28 21:41:49,723",
            "thread_id": "12756",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4558
          },
          {
            "timestamp": "2026-05-28 21:41:49,723",
            "thread_id": "12756",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2b4a2ec5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              }
            ],
            "repeated": 0,
            "id": 4559
          },
          {
            "timestamp": "2026-05-28 21:41:49,723",
            "thread_id": "12756",
            "caller": "0x7ffc2adbebae",
            "parentcaller": "0x7ffc2b165b05",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\x93P\\x00\\x00\\x00 0\\x00\\x00\\x00\\x00\\x00\\x00\\xd41\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "12756"
              }
            ],
            "repeated": 0,
            "id": 4560
          },
          {
            "timestamp": "2026-05-28 21:41:49,723",
            "thread_id": "12716",
            "caller": "0x7ffc2adbebae",
            "parentcaller": "0x7ffc2b1984de",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xfe\\x93P\\x00\\x00\\x00 0\\x00\\x00\\x00\\x00\\x00\\x00\\xac1\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "12716"
              }
            ],
            "repeated": 0,
            "id": 4561
          },
          {
            "timestamp": "2026-05-28 21:41:49,723",
            "thread_id": "12716",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4562
          },
          {
            "timestamp": "2026-05-28 21:41:49,723",
            "thread_id": "12716",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4563
          },
          {
            "timestamp": "2026-05-28 21:41:49,723",
            "thread_id": "12716",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4564
          },
          {
            "timestamp": "2026-05-28 21:41:49,723",
            "thread_id": "12716",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4565
          },
          {
            "timestamp": "2026-05-28 21:41:49,723",
            "thread_id": "12716",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4566
          },
          {
            "timestamp": "2026-05-28 21:41:49,723",
            "thread_id": "12716",
            "caller": "0x7ffc2adbebae",
            "parentcaller": "0x7ffc2b16712f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xfe\\x93P\\x00\\x00\\x00 0\\x00\\x00\\x00\\x00\\x00\\x00\\xac1\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "12716"
              }
            ],
            "repeated": 0,
            "id": 4567
          },
          {
            "timestamp": "2026-05-28 21:41:49,723",
            "thread_id": "12756",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2b4a2ec5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              }
            ],
            "repeated": 1,
            "id": 4568
          },
          {
            "timestamp": "2026-05-28 21:41:49,723",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00p\\x00\\x00\\x00b\\xac\\xa0 \\x00\\x00\\x00\\x00\\x18\\x00\\x14\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00+\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00}\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "112"
              }
            ],
            "repeated": 0,
            "id": 4569
          },
          {
            "timestamp": "2026-05-28 21:41:49,723",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4570
          },
          {
            "timestamp": "2026-05-28 21:41:49,723",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e0"
              },
              {
                "name": "Milliseconds",
                "value": "4883"
              }
            ],
            "repeated": 0,
            "id": 4571
          },
          {
            "timestamp": "2026-05-28 21:41:54,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4572
          },
          {
            "timestamp": "2026-05-28 21:41:54,613",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e0"
              },
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 4573
          },
          {
            "timestamp": "2026-05-28 21:41:54,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c0010b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4574
          },
          {
            "timestamp": "2026-05-28 21:41:54,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00p\\x00\\x00\\x00}l\\xeb \\x00\\x00\\x00\\x00\\x18\\x00\\x14\\x00\\x00\\x00\\x00\\x00%\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00/\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00}\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "112"
              }
            ],
            "repeated": 0,
            "id": 4575
          },
          {
            "timestamp": "2026-05-28 21:41:54,629",
            "thread_id": "12680",
            "caller": "0x7ffc2ada4448",
            "parentcaller": "0x7ffbbec9f766",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00071000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4576
          },
          {
            "timestamp": "2026-05-28 21:41:54,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4577
          },
          {
            "timestamp": "2026-05-28 21:41:54,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e0"
              },
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 4578
          },
          {
            "timestamp": "2026-05-28 21:41:54,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4579
          },
          {
            "timestamp": "2026-05-28 21:41:54,629",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e0"
              },
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 4580
          },
          {
            "timestamp": "2026-05-28 21:41:54,629",
            "thread_id": "12680",
            "caller": "0x7ffc2ad85810",
            "parentcaller": "0x7ffbbfa6f3bb",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000103",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00@\\x00\\x00\\x00\\xb4n\\xeb \\x00\\x00\\x00\\x00\\x18\\x00\\x16\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00/\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 4581
          },
          {
            "timestamp": "2026-05-28 21:41:54,738",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00p\\x00\\x00\\x00^\\x14\\xed \\x00\\x00\\x00\\x00\\x18\\x00\\x14\\x00\\x00\\x00\\x00\\x00&\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00+\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00}\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "112"
              }
            ],
            "repeated": 0,
            "id": 4582
          },
          {
            "timestamp": "2026-05-28 21:41:54,738",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4583
          },
          {
            "timestamp": "2026-05-28 21:41:54,738",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e0"
              },
              {
                "name": "Milliseconds",
                "value": "477"
              }
            ],
            "repeated": 0,
            "id": 4584
          },
          {
            "timestamp": "2026-05-28 21:41:54,738",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4585
          },
          {
            "timestamp": "2026-05-28 21:41:54,738",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e0"
              },
              {
                "name": "Milliseconds",
                "value": "477"
              }
            ],
            "repeated": 0,
            "id": 4586
          },
          {
            "timestamp": "2026-05-28 21:41:54,738",
            "thread_id": "12680",
            "caller": "0x7ffc2ad85810",
            "parentcaller": "0x7ffbbfa6f3bb",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000103",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00@\\x00\\x00\\x00\\xfa\\x14\\xed \\x00\\x00\\x00\\x00\\x18\\x00\\x16\\x00\\x00\\x00\\x00\\x00%\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00+\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 4587
          },
          {
            "timestamp": "2026-05-28 21:41:55,238",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00144000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4588
          },
          {
            "timestamp": "2026-05-28 21:41:55,238",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c0012c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4589
          },
          {
            "timestamp": "2026-05-28 21:41:55,238",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00144000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4590
          },
          {
            "timestamp": "2026-05-28 21:41:55,238",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c000e4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4591
          },
          {
            "timestamp": "2026-05-28 21:41:55,238",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4592
          },
          {
            "timestamp": "2026-05-28 21:41:55,238",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e0"
              },
              {
                "name": "Milliseconds",
                "value": "4501"
              }
            ],
            "repeated": 0,
            "id": 4593
          },
          {
            "timestamp": "2026-05-28 21:41:57,223",
            "thread_id": "12664",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffbbfbaee58",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4594
          },
          {
            "timestamp": "2026-05-28 21:41:57,223",
            "thread_id": "12664",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffbbfbaee58",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "Milliseconds",
                "value": "10000"
              }
            ],
            "repeated": 0,
            "id": 4595
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00p\\x00\\x00\\x00\\xa3\\x9d9!\\x00\\x00\\x00\\x00\\x18\\x00\\x14\\x00\\x00\\x00\\x00\\x00'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00}\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "112"
              }
            ],
            "repeated": 0,
            "id": 4596
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4597
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e0"
              },
              {
                "name": "Milliseconds",
                "value": "11482"
              }
            ],
            "repeated": 0,
            "id": 4598
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x449c00154000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4599
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12680",
            "caller": "0x7ffc2ad85810",
            "parentcaller": "0x7ffbbfa6f3bb",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000103",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00@\\x00\\x00\\x00\\xe09!\\x00\\x00\\x00\\x00\\x18\\x00\\x16\\x00\\x00\\x00\\x00\\x00&\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 4600
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ca70000"
              }
            ],
            "repeated": 0,
            "id": 4601
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4602
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e0"
              },
              {
                "name": "Milliseconds",
                "value": "11480"
              }
            ],
            "repeated": 0,
            "id": 4603
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b0c1f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4604
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b0cff0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4605
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12680",
            "caller": "0x7ffc2ad853aa",
            "parentcaller": "0x7ffbbf640093",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00@\\x00\\x00\\x00\\xb9\\xaf9!\\x00\\x00\\x00\\x00\\x18\\x00\\x16\\x00\\x00\\x00\\x00\\x00(\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00*\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 4606
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00@\\x00\\x00\\x00\\xbe\\xb09!\\x00\\x00\\x00\\x00\\x18\\x00\\x16\\x00\\x00\\x00\\x00\\x00)\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00!\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 4607
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12324",
            "caller": "0x7ff7809d4c88",
            "parentcaller": "0x7ff7809bb649",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000334"
              }
            ],
            "repeated": 0,
            "id": 4608
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12324",
            "caller": "0x7ff7809d4c88",
            "parentcaller": "0x7ff7809bb649",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000330"
              }
            ],
            "repeated": 0,
            "id": 4609
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12680",
            "caller": "0x7ffc2ad853aa",
            "parentcaller": "0x7ffbbfa6f4b5",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f68"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x00\\x00\\x00@\\x00\\x00\\x00\\xe4\\xb79!\\x00\\x00\\x00\\x00\\x18\\x00\\x16\\x00\\x00\\x00\\x00\\x00*\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x15\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 4610
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12680",
            "caller": "0x7ff7809d4c88",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              }
            ],
            "repeated": 0,
            "id": 4611
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12680",
            "caller": "0x7ffc2adbebae",
            "parentcaller": "0x7ffbbfc69d18",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xfe\\x93P\\x00\\x00\\x00 0\\x00\\x00\\x00\\x00\\x00\\x00\\x881\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "12680"
              }
            ],
            "repeated": 0,
            "id": 4612
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12680",
            "caller": "0x7ff7809d4c88",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              }
            ],
            "repeated": 0,
            "id": 4613
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12680",
            "caller": "0x7ffc2d14467e",
            "parentcaller": "0x7ffc2d00734d",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "12680"
              }
            ],
            "repeated": 0,
            "id": 4614
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12680",
            "caller": "0x7ffc2d14469e",
            "parentcaller": "0x7ffc2d00734d",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4615
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000328"
              }
            ],
            "repeated": 0,
            "id": 4616
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12324",
            "caller": "0x7ff7809d4c88",
            "parentcaller": "0x7ff7809bb649",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f0"
              }
            ],
            "repeated": 0,
            "id": 4617
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12324",
            "caller": "0x7ff7809d4c88",
            "parentcaller": "0x7ff7809bb649",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ec"
              }
            ],
            "repeated": 0,
            "id": 4618
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000002f8"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xfd\\x93P\\x00\\x00\\x00 0\\x00\\x00\\x00\\x00\\x00\\x00|1\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "12668"
              }
            ],
            "repeated": 0,
            "id": 4619
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12668",
            "caller": "0x7ff7809d4c88",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000318"
              }
            ],
            "repeated": 0,
            "id": 4620
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12668",
            "caller": "0x7ffc2adbebae",
            "parentcaller": "0x7ffbbfc69d18",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xfd\\x93P\\x00\\x00\\x00 0\\x00\\x00\\x00\\x00\\x00\\x00|1\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "12668"
              }
            ],
            "repeated": 0,
            "id": 4621
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4622
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12668",
            "caller": "0x7ff7809d4c88",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 4623
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12668",
            "caller": "0x7ffc2d14467e",
            "parentcaller": "0x7ffc2d00734d",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "12668"
              }
            ],
            "repeated": 0,
            "id": 4624
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12668",
            "caller": "0x7ffc2d14469e",
            "parentcaller": "0x7ffc2d00734d",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4625
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              }
            ],
            "repeated": 0,
            "id": 4626
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4627
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4628
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12324",
            "caller": "0x7ff7809d4c88",
            "parentcaller": "0x7ff7809bb649",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e8"
              }
            ],
            "repeated": 0,
            "id": 4629
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12324",
            "caller": "0x7ff7809d4c88",
            "parentcaller": "0x7ff7809bb649",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e0"
              }
            ],
            "repeated": 0,
            "id": 4630
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b0e330000"
              },
              {
                "name": "RegionSize",
                "value": "0x000d6000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4631
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12324",
            "caller": "0x7ff7809d4c88",
            "parentcaller": "0x7ff7809bb649",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a8"
              }
            ],
            "repeated": 0,
            "id": 4632
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12324",
            "caller": "0x7ff7809d4c88",
            "parentcaller": "0x7ff7809bb649",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              }
            ],
            "repeated": 0,
            "id": 4633
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b0e410000"
              },
              {
                "name": "RegionSize",
                "value": "0x021d5000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4634
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12324",
            "caller": "0x7ff7809d4c88",
            "parentcaller": "0x7ff7809bb649",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b0"
              }
            ],
            "repeated": 0,
            "id": 4635
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12324",
            "caller": "0x7ff7809d4c88",
            "parentcaller": "0x7ff7809bb649",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ac"
              }
            ],
            "repeated": 0,
            "id": 4636
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b0e140000"
              },
              {
                "name": "RegionSize",
                "value": "0x001e6000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4637
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12324",
            "caller": "0x7ff7809d4c88",
            "parentcaller": "0x7ff7809bb649",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000028c"
              }
            ],
            "repeated": 0,
            "id": 4638
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12324",
            "caller": "0x7ff7809d4c88",
            "parentcaller": "0x7ff7809bb649",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000290"
              }
            ],
            "repeated": 0,
            "id": 4639
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22b0e000000"
              },
              {
                "name": "RegionSize",
                "value": "0x0013b000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4640
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12324",
            "caller": "0x7ff7809d4c88",
            "parentcaller": "0x7ff7809bb649",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000294"
              }
            ],
            "repeated": 0,
            "id": 4641
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12324",
            "caller": "0x7ff7809d4c88",
            "parentcaller": "0x7ff7809bb649",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000288"
              }
            ],
            "repeated": 0,
            "id": 4642
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ced0000"
              },
              {
                "name": "FunctionName",
                "value": "UnregisterTraceGuids"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d140340"
              }
            ],
            "repeated": 0,
            "id": 4643
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b4"
              }
            ],
            "repeated": 0,
            "id": 4644
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x0000025c"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xfd\\x93P\\x00\\x00\\x00 0\\x00\\x00\\x00\\x00\\x00\\x00l1\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "12652"
              }
            ],
            "repeated": 0,
            "id": 4645
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000025c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4646
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12652",
            "caller": "0x7ff7809d4c88",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000278"
              }
            ],
            "repeated": 0,
            "id": 4647
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12652",
            "caller": "0x7ffc2adbebae",
            "parentcaller": "0x7ffbbfc69d18",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xfd\\x93P\\x00\\x00\\x00 0\\x00\\x00\\x00\\x00\\x00\\x00l1\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "12652"
              }
            ],
            "repeated": 0,
            "id": 4648
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12652",
            "caller": "0x7ff7809d4c88",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000274"
              }
            ],
            "repeated": 0,
            "id": 4649
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12652",
            "caller": "0x7ffc2d14467e",
            "parentcaller": "0x7ffc2d00734d",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "12652"
              }
            ],
            "repeated": 0,
            "id": 4650
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12652",
            "caller": "0x7ffc2d14469e",
            "parentcaller": "0x7ffc2d00734d",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4651
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12324",
            "caller": "0x7ff7809bb649",
            "parentcaller": "0x7ff780a74f22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000025c"
              }
            ],
            "repeated": 0,
            "id": 4652
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12324",
            "caller": "0x7ff7809d4c88",
            "parentcaller": "0x7ff7809bb649",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000258"
              }
            ],
            "repeated": 0,
            "id": 4653
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12324",
            "caller": "0x7ff7809d4c88",
            "parentcaller": "0x7ff7809bb649",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000254"
              }
            ],
            "repeated": 0,
            "id": 4654
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12324",
            "caller": "0x7ff7809d4c88",
            "parentcaller": "0x7ff7809bb649",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000250"
              }
            ],
            "repeated": 0,
            "id": 4655
          },
          {
            "timestamp": "2026-05-28 21:41:59,754",
            "thread_id": "12324",
            "caller": "0x7ff7809bb65c",
            "parentcaller": "0x7ff780a74f22",
            "category": "process",
            "api": "NtTerminateProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ExitCode",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 4656
          }
        ],
        "threads": [
          "12324",
          "12448",
          "12444",
          "12440",
          "12436",
          "12644",
          "12652",
          "12660",
          "12664",
          "12668",
          "12672",
          "12676",
          "12680",
          "12716",
          "12736",
          "12744",
          "12748",
          "12752",
          "12756",
          "12764",
          "12792",
          "12412"
        ],
        "environ": {
          "UserName": "admin",
          "ComputerName": "JOHNS-PC",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Users\\admin\\AppData\\Local\\Temp\\",
          "CommandLine": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\identity_helper.exe\" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=windows_package_identity --skip-read-main-dll --metrics-shmem-handle=5004,i,10041185329265187298,11074568154246322711,524288 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708995682289984 --mojo-platform-channel-handle=3944 /prefetch:8",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "12bc-0026",
          "SystemVolumeGUID": "528c102f-0000-0000-0000-300300000000",
          "MachineGUID": "",
          "MainExeBase": "0x7ff7809a0000",
          "MainExeSize": "0x0028c000",
          "Bitness": "64-bit"
        },
        "file_activities": {
          "read_files": [],
          "write_files": [],
          "delete_files": []
        }
      },
      {
        "process_id": 760,
        "process_name": "svchost.exe",
        "parent_id": 624,
        "module_path": "C:\\Windows\\System32\\svchost.exe",
        "first_seen": "2026-05-28 21:41:47,433",
        "calls": [
          {
            "timestamp": "2026-05-28 21:41:55,183",
            "thread_id": "4384",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 0
          },
          {
            "timestamp": "2026-05-28 21:42:03,573",
            "thread_id": "11616",
            "caller": "0x7ffc2ad7acfe",
            "parentcaller": "0x7ffc2bfa9f03",
            "category": "services",
            "api": "StartServiceW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ServiceHandle",
                "value": "0x1964d5d6d40"
              },
              {
                "name": "ServiceName",
                "value": "GoogleUpdaterService149.0.7814.0"
              },
              {
                "name": "Arguments",
                "value": "--com-service"
              }
            ],
            "repeated": 0,
            "id": 1
          },
          {
            "timestamp": "2026-05-28 21:42:05,183",
            "thread_id": "1252",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000157c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 3,
            "id": 2
          },
          {
            "timestamp": "2026-05-28 21:42:44,214",
            "thread_id": "11616",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc28791c70",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000004cc"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001444"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 3
          },
          {
            "timestamp": "2026-05-28 21:42:45,183",
            "thread_id": "11616",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000013cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4
          },
          {
            "timestamp": "2026-05-28 21:42:48,167",
            "thread_id": "11568",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2c56ef53",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000011ac"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 5
          },
          {
            "timestamp": "2026-05-28 21:42:55,183",
            "thread_id": "11616",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f30"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6
          },
          {
            "timestamp": "2026-05-28 21:43:05,183",
            "thread_id": "4384",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ae4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 1,
            "id": 7
          },
          {
            "timestamp": "2026-05-28 21:43:25,198",
            "thread_id": "4384",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f30"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8
          },
          {
            "timestamp": "2026-05-28 21:43:35,355",
            "thread_id": "11616",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ae4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9
          },
          {
            "timestamp": "2026-05-28 21:43:45,339",
            "thread_id": "4384",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000013cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10
          },
          {
            "timestamp": "2026-05-28 21:43:46,386",
            "thread_id": "4384",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc2ad7e6a1",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc297d0000"
              }
            ],
            "repeated": 1,
            "id": 11
          },
          {
            "timestamp": "2026-05-28 21:43:55,214",
            "thread_id": "4384",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12
          },
          {
            "timestamp": "2026-05-28 21:44:02,386",
            "thread_id": "11616",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc2ad7e6a1",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc297d0000"
              }
            ],
            "repeated": 0,
            "id": 13
          },
          {
            "timestamp": "2026-05-28 21:44:02,901",
            "thread_id": "11616",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2b426d2f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000133c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 14
          },
          {
            "timestamp": "2026-05-28 21:44:03,151",
            "thread_id": "1252",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000015d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3968686040-3210279463-847977608-1001.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15
          },
          {
            "timestamp": "2026-05-28 21:44:03,151",
            "thread_id": "1252",
            "caller": "0x7ffc2ad63d8e",
            "parentcaller": "0x7ffc2ad63354",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001538"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1964d360000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16
          },
          {
            "timestamp": "2026-05-28 21:44:03,151",
            "thread_id": "1252",
            "caller": "0x7ffc2ad63395",
            "parentcaller": "0x7ffc2ad63f0a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1964d360000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 17
          },
          {
            "timestamp": "2026-05-28 21:44:03,151",
            "thread_id": "1252",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x1964c270000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-18.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18
          },
          {
            "timestamp": "2026-05-28 21:44:03,151",
            "thread_id": "11616",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc28791c70",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000004cc"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001538"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 19
          },
          {
            "timestamp": "2026-05-28 21:44:03,214",
            "thread_id": "1480",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000015d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3968686040-3210279463-847977608-1001.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 20
          },
          {
            "timestamp": "2026-05-28 21:44:03,214",
            "thread_id": "1480",
            "caller": "0x7ffc2ad63d8e",
            "parentcaller": "0x7ffc2ad63354",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000015d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1964d360000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 21
          },
          {
            "timestamp": "2026-05-28 21:44:03,214",
            "thread_id": "1480",
            "caller": "0x7ffc2ad63395",
            "parentcaller": "0x7ffc2ad63f0a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1964d360000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 22
          },
          {
            "timestamp": "2026-05-28 21:44:03,276",
            "thread_id": "1480",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000015d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3968686040-3210279463-847977608-1001.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 23
          },
          {
            "timestamp": "2026-05-28 21:44:03,276",
            "thread_id": "1480",
            "caller": "0x7ffc2ad63d8e",
            "parentcaller": "0x7ffc2ad63354",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000015d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1964d360000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 24
          },
          {
            "timestamp": "2026-05-28 21:44:03,276",
            "thread_id": "1480",
            "caller": "0x7ffc2ad63395",
            "parentcaller": "0x7ffc2ad63f0a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1964d360000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 25
          },
          {
            "timestamp": "2026-05-28 21:44:03,276",
            "thread_id": "1480",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000015d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3968686040-3210279463-847977608-1001.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 26
          },
          {
            "timestamp": "2026-05-28 21:44:03,276",
            "thread_id": "1480",
            "caller": "0x7ffc2ad63d8e",
            "parentcaller": "0x7ffc2ad63354",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000015d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1964d360000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 27
          },
          {
            "timestamp": "2026-05-28 21:44:03,276",
            "thread_id": "1480",
            "caller": "0x7ffc2ad63395",
            "parentcaller": "0x7ffc2ad63f0a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1964d360000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 28
          },
          {
            "timestamp": "2026-05-28 21:44:03,339",
            "thread_id": "1480",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001538"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3968686040-3210279463-847977608-1001.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 29
          },
          {
            "timestamp": "2026-05-28 21:44:03,339",
            "thread_id": "1480",
            "caller": "0x7ffc2ad63d8e",
            "parentcaller": "0x7ffc2ad63354",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000013cc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1964d360000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 30
          },
          {
            "timestamp": "2026-05-28 21:44:03,339",
            "thread_id": "1480",
            "caller": "0x7ffc2ad63395",
            "parentcaller": "0x7ffc2ad63f0a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1964d360000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 31
          },
          {
            "timestamp": "2026-05-28 21:44:03,339",
            "thread_id": "1480",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000013cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3968686040-3210279463-847977608-1001.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 32
          },
          {
            "timestamp": "2026-05-28 21:44:03,339",
            "thread_id": "1480",
            "caller": "0x7ffc2ad63d8e",
            "parentcaller": "0x7ffc2ad63354",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00001538"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1964d360000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 33
          },
          {
            "timestamp": "2026-05-28 21:44:03,339",
            "thread_id": "1480",
            "caller": "0x7ffc2ad63395",
            "parentcaller": "0x7ffc2ad63f0a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1964d360000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 34
          },
          {
            "timestamp": "2026-05-28 21:44:03,339",
            "thread_id": "1480",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00001538"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3968686040-3210279463-847977608-1001.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 35
          },
          {
            "timestamp": "2026-05-28 21:44:03,339",
            "thread_id": "1480",
            "caller": "0x7ffc2ad63d8e",
            "parentcaller": "0x7ffc2ad63354",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000014d8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1964d360000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 36
          },
          {
            "timestamp": "2026-05-28 21:44:03,339",
            "thread_id": "1480",
            "caller": "0x7ffc2ad63395",
            "parentcaller": "0x7ffc2ad63f0a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1964d360000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 37
          },
          {
            "timestamp": "2026-05-28 21:44:03,386",
            "thread_id": "1480",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000015d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3968686040-3210279463-847977608-1001.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 38
          },
          {
            "timestamp": "2026-05-28 21:44:03,386",
            "thread_id": "1480",
            "caller": "0x7ffc2ad63d8e",
            "parentcaller": "0x7ffc2ad63354",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000015d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1964d360000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 39
          },
          {
            "timestamp": "2026-05-28 21:44:03,386",
            "thread_id": "1480",
            "caller": "0x7ffc2ad63395",
            "parentcaller": "0x7ffc2ad63f0a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1964d360000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 40
          },
          {
            "timestamp": "2026-05-28 21:44:03,386",
            "thread_id": "1480",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000015d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3968686040-3210279463-847977608-1001.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 41
          },
          {
            "timestamp": "2026-05-28 21:44:03,386",
            "thread_id": "1480",
            "caller": "0x7ffc2ad63d8e",
            "parentcaller": "0x7ffc2ad63354",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000015d8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1964d360000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 42
          },
          {
            "timestamp": "2026-05-28 21:44:03,386",
            "thread_id": "1480",
            "caller": "0x7ffc2ad63395",
            "parentcaller": "0x7ffc2ad63f0a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1964d360000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 43
          },
          {
            "timestamp": "2026-05-28 21:44:03,386",
            "thread_id": "1480",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000015d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3968686040-3210279463-847977608-1001.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 44
          },
          {
            "timestamp": "2026-05-28 21:44:03,386",
            "thread_id": "1480",
            "caller": "0x7ffc2ad63d8e",
            "parentcaller": "0x7ffc2ad63354",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000015d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1964d360000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 45
          },
          {
            "timestamp": "2026-05-28 21:44:03,386",
            "thread_id": "1480",
            "caller": "0x7ffc2ad63395",
            "parentcaller": "0x7ffc2ad63f0a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1964d360000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 46
          },
          {
            "timestamp": "2026-05-28 21:44:03,386",
            "thread_id": "1480",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000015d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3968686040-3210279463-847977608-1001.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 47
          },
          {
            "timestamp": "2026-05-28 21:44:03,386",
            "thread_id": "1480",
            "caller": "0x7ffc2ad63d8e",
            "parentcaller": "0x7ffc2ad63354",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000015d8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1964d360000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 48
          },
          {
            "timestamp": "2026-05-28 21:44:03,386",
            "thread_id": "1480",
            "caller": "0x7ffc2ad63395",
            "parentcaller": "0x7ffc2ad63f0a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1964d360000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 49
          },
          {
            "timestamp": "2026-05-28 21:44:03,386",
            "thread_id": "1480",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000015d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3968686040-3210279463-847977608-1001.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 50
          },
          {
            "timestamp": "2026-05-28 21:44:03,386",
            "thread_id": "1480",
            "caller": "0x7ffc2ad63d8e",
            "parentcaller": "0x7ffc2ad63354",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000015d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1964d360000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 51
          },
          {
            "timestamp": "2026-05-28 21:44:03,386",
            "thread_id": "1480",
            "caller": "0x7ffc2ad63395",
            "parentcaller": "0x7ffc2ad63f0a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1964d360000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 52
          },
          {
            "timestamp": "2026-05-28 21:44:03,448",
            "thread_id": "13792",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2c56ef53",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001538"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 53
          },
          {
            "timestamp": "2026-05-28 21:44:03,448",
            "thread_id": "13792",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2b426d2f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000013cc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 54
          },
          {
            "timestamp": "2026-05-28 21:44:03,901",
            "thread_id": "13792",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f30"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3968686040-3210279463-847977608-1001.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 55
          },
          {
            "timestamp": "2026-05-28 21:44:03,901",
            "thread_id": "13792",
            "caller": "0x7ffc2ad63d8e",
            "parentcaller": "0x7ffc2ad63354",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000f60"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1964d360000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 56
          },
          {
            "timestamp": "2026-05-28 21:44:03,901",
            "thread_id": "13792",
            "caller": "0x7ffc2ad63395",
            "parentcaller": "0x7ffc2ad63f0a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1964d360000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 57
          },
          {
            "timestamp": "2026-05-28 21:44:03,901",
            "thread_id": "13792",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f60"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3968686040-3210279463-847977608-1001.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 58
          },
          {
            "timestamp": "2026-05-28 21:44:03,901",
            "thread_id": "13792",
            "caller": "0x7ffc2ad63d8e",
            "parentcaller": "0x7ffc2ad63354",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000f30"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1964d360000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 59
          },
          {
            "timestamp": "2026-05-28 21:44:03,901",
            "thread_id": "13792",
            "caller": "0x7ffc2ad63395",
            "parentcaller": "0x7ffc2ad63f0a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1964d360000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 60
          },
          {
            "timestamp": "2026-05-28 21:44:05,183",
            "thread_id": "4384",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000f30"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 61
          },
          {
            "timestamp": "2026-05-28 21:44:08,605",
            "thread_id": "11616",
            "caller": "0x7ffc2a4d74d2",
            "parentcaller": "0x7ffc2a4d739e",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000f30"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 62
          },
          {
            "timestamp": "2026-05-28 21:44:08,605",
            "thread_id": "12348",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2c56ef53",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000007f4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 63
          },
          {
            "timestamp": "2026-05-28 21:44:08,605",
            "thread_id": "1252",
            "caller": "0x7ffc280d445b",
            "parentcaller": "0x7ffc280d450f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006c0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 64
          },
          {
            "timestamp": "2026-05-28 21:44:09,198",
            "thread_id": "4384",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc28791c70",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000004cc"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001360"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 65
          },
          {
            "timestamp": "2026-05-28 21:44:09,198",
            "thread_id": "4384",
            "caller": "0x7ffc2adac5f2",
            "parentcaller": "0x7ffc2ada89f3",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000f30"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Windows\\system32\\DllHost.exe"
              },
              {
                "name": "CommandLine",
                "value": "C:\\Windows\\system32\\DllHost.exe /Processid:{7966B4D8-4FDC-4126-A10B-39A3209AD251}"
              },
              {
                "name": "DllPath",
                "value": ""
              },
              {
                "name": "ProcessId",
                "value": "140720308498880"
              }
            ],
            "repeated": 0,
            "id": 66
          },
          {
            "timestamp": "2026-05-28 21:44:15,339",
            "thread_id": "1252",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000680"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 67
          },
          {
            "timestamp": "2026-05-28 21:44:22,605",
            "thread_id": "11616",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000bd4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3968686040-3210279463-847977608-1001.pckgdep"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 68
          },
          {
            "timestamp": "2026-05-28 21:44:22,605",
            "thread_id": "11616",
            "caller": "0x7ffc2ad63d8e",
            "parentcaller": "0x7ffc2ad63354",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000015e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1964d360000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 69
          },
          {
            "timestamp": "2026-05-28 21:44:22,605",
            "thread_id": "11616",
            "caller": "0x7ffc2ad63395",
            "parentcaller": "0x7ffc2ad63f0a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1964d360000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 70
          },
          {
            "timestamp": "2026-05-28 21:44:24,183",
            "thread_id": "4384",
            "caller": "0x7ffc2ada89f3",
            "parentcaller": "0x7ffc2d00de30",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Windows\\system32\\DllHost.exe"
              },
              {
                "name": "CommandLine",
                "value": "C:\\Windows\\system32\\DllHost.exe /Processid:{7966B4D8-4FDC-4126-A10B-39A3209AD251}"
              },
              {
                "name": "CreationFlags",
                "value": "0x00080410",
                "pretty_value": "CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "12736"
              },
              {
                "name": "ThreadId",
                "value": "14316"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000f30"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 71
          },
          {
            "timestamp": "2026-05-28 21:44:24,245",
            "thread_id": "4384",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc28791c70",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000004cc"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00001360"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 72
          },
          {
            "timestamp": "2026-05-28 21:44:24,245",
            "thread_id": "4384",
            "caller": "0x7ffc2adac5f2",
            "parentcaller": "0x7ffc2ada89f3",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000015e0"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000011f8"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Windows\\system32\\DllHost.exe"
              },
              {
                "name": "CommandLine",
                "value": "C:\\Windows\\system32\\DllHost.exe /Processid:{7966B4D8-4FDC-4126-A10B-39A3209AD251}"
              },
              {
                "name": "DllPath",
                "value": ""
              },
              {
                "name": "ProcessId",
                "value": "140720308488844"
              }
            ],
            "repeated": 0,
            "id": 73
          },
          {
            "timestamp": "2026-05-28 21:44:25,214",
            "thread_id": "11616",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 74
          }
        ],
        "threads": [
          "4384",
          "11616",
          "1252",
          "11568",
          "1480",
          "13792",
          "12348"
        ],
        "environ": {
          "UserName": "SYSTEM",
          "ComputerName": "JOHNS-PC",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Windows\\TEMP\\",
          "CommandLine": "C:\\Windows\\system32\\svchost.exe -k DcomLaunch -p",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "12bc-0026",
          "SystemVolumeGUID": "528c102f-0000-0000-0000-300300000000",
          "MachineGUID": "",
          "MainExeBase": "0x7ff7b7570000",
          "MainExeSize": "0x00010000",
          "Bitness": "64-bit"
        },
        "file_activities": {
          "read_files": [],
          "write_files": [],
          "delete_files": []
        }
      },
      {
        "process_id": 14276,
        "process_name": "Taskmgr.exe",
        "parent_id": 4248,
        "module_path": "C:\\Windows\\System32\\Taskmgr.exe",
        "first_seen": "2026-05-28 21:43:56,307",
        "calls": [
          {
            "timestamp": "2026-05-28 21:43:58,947",
            "thread_id": "14212",
            "caller": "0x7ffc2d1ae53f",
            "parentcaller": "0x7ffc2d10faf7",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 0
          },
          {
            "timestamp": "2026-05-28 21:43:58,947",
            "thread_id": "14212",
            "caller": "0x7ffc2d1520a5",
            "parentcaller": "0x7ffc2d10faf7",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "42"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "14212"
              }
            ],
            "repeated": 0,
            "id": 1
          },
          {
            "timestamp": "2026-05-28 21:43:58,947",
            "thread_id": "14212",
            "caller": "0x7ffc2d105157",
            "parentcaller": "0x7ffc2d1043ea",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "UMPDC.dll"
              }
            ],
            "repeated": 0,
            "id": 2
          },
          {
            "timestamp": "2026-05-28 21:43:58,947",
            "thread_id": "14212",
            "caller": "0x7ffc2d14f37b",
            "parentcaller": "0x7ffc2d14f207",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\umpdc.dll"
              }
            ],
            "repeated": 0,
            "id": 3
          },
          {
            "timestamp": "2026-05-28 21:43:58,947",
            "thread_id": "14212",
            "caller": "0x7ffc2d14fc9c",
            "parentcaller": "0x7ffc2d14f7b0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000218"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\umpdc.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 4
          },
          {
            "timestamp": "2026-05-28 21:43:58,947",
            "thread_id": "14212",
            "caller": "0x7ffc2d14fcfe",
            "parentcaller": "0x7ffc2d14f7b0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000248"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000218"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\umpdc.dll"
              }
            ],
            "repeated": 0,
            "id": 5
          },
          {
            "timestamp": "2026-05-28 21:43:58,947",
            "thread_id": "14212",
            "caller": "0x7ffc2d104d42",
            "parentcaller": "0x7ffc2d104aaa",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000248"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2a560000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00012000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6
          },
          {
            "timestamp": "2026-05-28 21:43:58,947",
            "thread_id": "14212",
            "caller": "0x7ffc2d0ffee4",
            "parentcaller": "0x7ffc2d0ffad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2a570000"
              },
              {
                "name": "ModuleName",
                "value": "UMPDC.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7
          },
          {
            "timestamp": "2026-05-28 21:43:58,947",
            "thread_id": "14212",
            "caller": "0x7ffc2d0fffb5",
            "parentcaller": "0x7ffc2d0ffad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2a56a000"
              },
              {
                "name": "ModuleName",
                "value": "UMPDC.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8
          },
          {
            "timestamp": "2026-05-28 21:43:58,947",
            "thread_id": "14212",
            "caller": "0x7ffc2d0fffed",
            "parentcaller": "0x7ffc2d0ffad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2a56a000"
              },
              {
                "name": "ModuleName",
                "value": "UMPDC.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9
          },
          {
            "timestamp": "2026-05-28 21:43:58,947",
            "thread_id": "14212",
            "caller": "0x7ffc2d100068",
            "parentcaller": "0x7ffc2d0ffad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2a56a000"
              },
              {
                "name": "ModuleName",
                "value": "UMPDC.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10
          },
          {
            "timestamp": "2026-05-28 21:43:58,947",
            "thread_id": "14212",
            "caller": "0x7ffc2d10009c",
            "parentcaller": "0x7ffc2d0ffad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2a56a000"
              },
              {
                "name": "ModuleName",
                "value": "UMPDC.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11
          },
          {
            "timestamp": "2026-05-28 21:43:58,947",
            "thread_id": "14212",
            "caller": "0x7ffc2d105082",
            "parentcaller": "0x7ffc2d1079d2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2a56a000"
              },
              {
                "name": "ModuleName",
                "value": "UMPDC.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12
          },
          {
            "timestamp": "2026-05-28 21:43:58,947",
            "thread_id": "14212",
            "caller": "0x7ffc2d14fd68",
            "parentcaller": "0x7ffc2d14f7b0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000248"
              }
            ],
            "repeated": 0,
            "id": 13
          },
          {
            "timestamp": "2026-05-28 21:43:58,947",
            "thread_id": "14212",
            "caller": "0x7ffc2d14fd71",
            "parentcaller": "0x7ffc2d14f7b0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000218"
              }
            ],
            "repeated": 0,
            "id": 14
          },
          {
            "timestamp": "2026-05-28 21:43:58,947",
            "thread_id": "14212",
            "caller": "0x7ffc2d137bac",
            "parentcaller": "0x7ffc2d12288a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2a56a000"
              },
              {
                "name": "ModuleName",
                "value": "UMPDC.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15
          },
          {
            "timestamp": "2026-05-28 21:43:58,947",
            "thread_id": "14212",
            "caller": "0x7ffc2d137bac",
            "parentcaller": "0x7ffc2d12288a",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\UMPDC"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a560000"
              }
            ],
            "repeated": 0,
            "id": 16
          },
          {
            "timestamp": "2026-05-28 21:43:59,166",
            "thread_id": "14212",
            "caller": "0x7ffc2d15c2c7",
            "parentcaller": "0x7ffc2d15c05a",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\umpdc"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2a560000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffc2a563e30"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 17
          },
          {
            "timestamp": "2026-05-28 21:43:59,166",
            "thread_id": "14212",
            "caller": "0x7ffc2d137830",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2a650000"
              },
              {
                "name": "ModuleName",
                "value": "powrprof.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18
          },
          {
            "timestamp": "2026-05-28 21:43:59,166",
            "thread_id": "14212",
            "caller": "0x7ffc2d137881",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2a650000"
              },
              {
                "name": "ModuleName",
                "value": "powrprof.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19
          },
          {
            "timestamp": "2026-05-28 21:43:59,166",
            "thread_id": "14212",
            "caller": "0x7ffc2d137881",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\powrprof"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2a630000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffc2a633480"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 20
          },
          {
            "timestamp": "2026-05-28 21:43:59,166",
            "thread_id": "14212",
            "caller": "0x7ffc2d15c2c7",
            "parentcaller": "0x7ffc2d15c05a",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\nsi"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2c7b0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffc2c7b22f0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 21
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2d0042c4",
            "parentcaller": "0x7ffc2d003b55",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000248"
              },
              {
                "name": "DesiredAccess",
                "value": "0x001200a9",
                "pretty_value": "FILE_GENERIC_READ|FILE_GENERIC_EXECUTE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\WindowsShell.Manifest"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 22
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2d004459",
            "parentcaller": "0x7ffc2d003b55",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000024c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004",
                "pretty_value": "SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000248"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\WindowsShell.Manifest"
              }
            ],
            "repeated": 0,
            "id": 23
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2d0044a6",
            "parentcaller": "0x7ffc2d003b55",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000024c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678f2b0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 24
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2cffe7a0",
            "parentcaller": "0x7ffc2d005084",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000250"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide"
              }
            ],
            "repeated": 0,
            "id": 25
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2cffe7f0",
            "parentcaller": "0x7ffc2d005084",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000250"
              },
              {
                "name": "ValueName",
                "value": "PreferExternalManifest"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest"
              }
            ],
            "repeated": 0,
            "id": 26
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2cffe818",
            "parentcaller": "0x7ffc2d005084",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000250"
              }
            ],
            "repeated": 0,
            "id": 27
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2d016103",
            "parentcaller": "0x7ffc2d0051de",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000248"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\WindowsShell.Manifest"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x9e\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 28
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2d004f83",
            "parentcaller": "0x7ffc2d00468c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000248"
              }
            ],
            "repeated": 0,
            "id": 29
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2d004f8a",
            "parentcaller": "0x7ffc2d00468c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000024c"
              }
            ],
            "repeated": 0,
            "id": 30
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2d00468c",
            "parentcaller": "0x7ffc2d003b55",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678f2b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 31
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2d002a0e",
            "parentcaller": "0x7ffc17253a53",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "ThemePropScrollBarCtl"
              },
              {
                "name": "Atom",
                "value": "0x0000c01b"
              }
            ],
            "repeated": 0,
            "id": 32
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2d002a0e",
            "parentcaller": "0x7ffc17253a6d",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "MicrosoftTabletPenServiceProperty"
              },
              {
                "name": "Atom",
                "value": "0x0000c01c"
              }
            ],
            "repeated": 0,
            "id": 33
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc17253bac",
            "parentcaller": "0x7ffc17253add",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00001022"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 34
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ad7e76a",
            "parentcaller": "0x7ffc17253aeb",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "LPK"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 35
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ad7e76a",
            "parentcaller": "0x7ffc17253b03",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "GDI32"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2cb50000"
              }
            ],
            "repeated": 0,
            "id": 36
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc17253b1e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2cb50000"
              },
              {
                "name": "FunctionName",
                "value": "LpkEditControl"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2cb75740"
              }
            ],
            "repeated": 0,
            "id": 37
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc17253b1e",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.3636_none_60b6a03d71f818d5\\comctl32"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc171f0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffc17289e70"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 38
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc28163254",
            "parentcaller": "0x7ffc28189919",
            "category": "misc",
            "api": "HeapCreate",
            "status": true,
            "return": "0x26790db0000",
            "arguments": [
              {
                "name": "Options",
                "value": "0"
              },
              {
                "name": "InitialSize",
                "value": "0x00000000"
              },
              {
                "name": "MaximumSize",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 39
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc28163254",
            "parentcaller": "0x7ffc28189919",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\uxtheme"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc28160000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffc28188c70"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 40
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2d15c2c7",
            "parentcaller": "0x7ffc2d15c05a",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\credui"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc17890000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffc178916c0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 41
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ad7e76a",
            "parentcaller": "0x7ffc1c73613c",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "advapi32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ced0000"
              }
            ],
            "repeated": 0,
            "id": 42
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc1c73617d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ced0000"
              },
              {
                "name": "FunctionName",
                "value": "EventWrite"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d13f1b0"
              }
            ],
            "repeated": 0,
            "id": 43
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc1c73619f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ced0000"
              },
              {
                "name": "FunctionName",
                "value": "EventRegister"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d132e80"
              }
            ],
            "repeated": 0,
            "id": 44
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc1c7361c1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ced0000"
              },
              {
                "name": "FunctionName",
                "value": "EventUnregister"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d140390"
              }
            ],
            "repeated": 0,
            "id": 45
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc1c72ae98",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2d0f0000"
              }
            ],
            "repeated": 0,
            "id": 46
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc1c72ae98",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc2d0f0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "ntdll.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 47
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc1c72aeb6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlUnhandledExceptionFilter"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d18c900"
              }
            ],
            "repeated": 0,
            "id": 48
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc1c72aecc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlIsThreadWithinLoaderCallout"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d16d9d0"
              }
            ],
            "repeated": 0,
            "id": 49
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc1c72aeeb",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "user32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2c7c0000"
              }
            ],
            "repeated": 0,
            "id": 50
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc1c72aeeb",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc2c7c0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "user32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 51
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc1c72af0d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c7c0000"
              },
              {
                "name": "FunctionName",
                "value": "GetPointerTouchInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2c810870"
              }
            ],
            "repeated": 0,
            "id": 52
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc1c72af2a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c7c0000"
              },
              {
                "name": "FunctionName",
                "value": "GetPointerInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2c810710"
              }
            ],
            "repeated": 0,
            "id": 53
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc1c72af47",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c7c0000"
              },
              {
                "name": "FunctionName",
                "value": "GetPointerDevice"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2c7f4150"
              }
            ],
            "repeated": 0,
            "id": 54
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc1c72af64",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c7c0000"
              },
              {
                "name": "FunctionName",
                "value": "GetPointerFrameInfoHistory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2c8105b0"
              }
            ],
            "repeated": 0,
            "id": 55
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc1c72af81",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c7c0000"
              },
              {
                "name": "FunctionName",
                "value": "GetPointerDeviceRects"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2c7f41a0"
              }
            ],
            "repeated": 0,
            "id": 56
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc1c72af9e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c7c0000"
              },
              {
                "name": "FunctionName",
                "value": "EvaluateProximityToRect"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2c840120"
              }
            ],
            "repeated": 0,
            "id": 57
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc1c72afbb",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c7c0000"
              },
              {
                "name": "FunctionName",
                "value": "LogicalToPhysicalPoint"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2c7f4630"
              }
            ],
            "repeated": 0,
            "id": 58
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc1c72afd8",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c7c0000"
              },
              {
                "name": "FunctionName",
                "value": "PhysicalToLogicalPoint"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2c7f46f0"
              }
            ],
            "repeated": 0,
            "id": 59
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc1c72aff5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c7c0000"
              },
              {
                "name": "FunctionName",
                "value": "PackTouchHitTestingProximityEvaluation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2c840260"
              }
            ],
            "repeated": 0,
            "id": 60
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc1c72b012",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c7c0000"
              },
              {
                "name": "FunctionName",
                "value": "RegisterTouchHitTestingWindow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2c7f4990"
              }
            ],
            "repeated": 0,
            "id": 61
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc1c72b02d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c7c0000"
              },
              {
                "name": "FunctionName",
                "value": ""
              },
              {
                "name": "Ordinal",
                "value": "2560"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2c810410"
              }
            ],
            "repeated": 0,
            "id": 62
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2d0fe715",
            "parentcaller": "0x7ffc2d0fe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d90e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 63
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2d0fe715",
            "parentcaller": "0x7ffc2d0fe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d90f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 64
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2d0fe715",
            "parentcaller": "0x7ffc2d0fe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d910000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 65
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2d0fe715",
            "parentcaller": "0x7ffc2d0fe37b",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\duser"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1c720000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffc1c735220"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 66
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ad7e76a",
            "parentcaller": "0x7ffc1c807627",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "advapi32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ced0000"
              }
            ],
            "repeated": 0,
            "id": 67
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc1c807668",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ced0000"
              },
              {
                "name": "FunctionName",
                "value": "EventWrite"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d13f1b0"
              }
            ],
            "repeated": 0,
            "id": 68
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc1c80768a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ced0000"
              },
              {
                "name": "FunctionName",
                "value": "EventRegister"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d132e80"
              }
            ],
            "repeated": 0,
            "id": 69
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc1c8076ac",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ced0000"
              },
              {
                "name": "FunctionName",
                "value": "EventUnregister"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d140390"
              }
            ],
            "repeated": 0,
            "id": 70
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc1c8076ac",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\dui70"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1c7c0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffc1c805270"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 71
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc13cb7f69",
            "parentcaller": "0x7ffc13cb349f",
            "category": "misc",
            "api": "GetComputerNameExW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ComputerName",
                "value": "JOHNS-PC"
              }
            ],
            "repeated": 0,
            "id": 72
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc13cb7f69",
            "parentcaller": "0x7ffc13cb349f",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\pdh"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc13cb0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffc13cb3550"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 73
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ad7e76a",
            "parentcaller": "0x7ffc24242179",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "api-ms-win-core-synch-l1-2-0.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ad50000"
              }
            ],
            "repeated": 0,
            "id": 74
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc242421ac",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ad50000"
              },
              {
                "name": "FunctionName",
                "value": "InitializeConditionVariable"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d159f40"
              }
            ],
            "repeated": 0,
            "id": 75
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc242421c0",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ad50000"
              },
              {
                "name": "FunctionName",
                "value": "SleepConditionVariableCS"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2adc3890"
              }
            ],
            "repeated": 0,
            "id": 76
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc242421d4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ad50000"
              },
              {
                "name": "FunctionName",
                "value": "WakeAllConditionVariable"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d145430"
              }
            ],
            "repeated": 0,
            "id": 77
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2d137830",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc24258000"
              },
              {
                "name": "ModuleName",
                "value": "dxcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 78
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2d137881",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc24258000"
              },
              {
                "name": "ModuleName",
                "value": "dxcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 79
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2d137881",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\DXCore"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc24220000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffc24241a40"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 80
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc2909a334",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "gdi32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2cb50000"
              }
            ],
            "repeated": 0,
            "id": 81
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc2909a334",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc2cb50000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "gdi32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 82
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3f3b",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xed18e87018"
              },
              {
                "name": "Size",
                "value": "0x00000008"
              },
              {
                "name": "Buffer",
                "value": "\\xc0\\xc4%-\\xfc\\x7f\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 83
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3f7a",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2d25c4e0"
              },
              {
                "name": "Size",
                "value": "0x00000008"
              },
              {
                "name": "Buffer",
                "value": "\\x90%\\x8e\\x8dg\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 84
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8e2580"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\xf0#\\x8e\\x8dg\\x02\\x00\\x00\\xd0\\xc4%-\\xfc\\x7f\\x00\\x00\\x00$\\x8e\\x8dg\\x02\\x00\\x00\\xe0\\xc4%-\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9e)\\xf7\\x7f\\x00\\x00\\xf0\\x00\\xa1)\\xf7\\x7f\\x00\\x00\\x00\\x00\\x13\\x00\\x00\\x00\\x00\\x00>\\x00@\\x00\\x00\\x00\\x00\\x00\\xf8!\\x8e\\x8dg\\x02\\x00\\x00\\x16\\x00\\x18\\x00\\x00\\x00\\x00\\x00 \"\\x8e\\x8dg\\x02\\x00\\x00\\xcc\\xa2\\x00\\x00\\xff\\xff\\xff\\xff\\x80Q\\x8e\\x8dg\\x02\\x00\\x00\\xb0\\xc2%-\\xfc\\x7f\\x00\\x00u\\x00|V\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 85
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8e23f0"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\x10+\\x8e\\x8dg\\x02\\x00\\x00\\x80%\\x8e\\x8dg\\x02\\x00\\x00 +\\x8e\\x8dg\\x02\\x00\\x00\\x90%\\x8e\\x8dg\\x02\\x00\\x00@1\\x8e\\x8dg\\x02\\x00\\x00\\xf0\\xc4%-\\xfc\\x7f\\x00\\x00\\x00\\x00\\x0f-\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x1f\\x00\\x00\\x00\\x00\\x00:\\x00<\\x00\\x00\\x00\\x00\\x00\\xf0\"\\x8e\\x8dg\\x02\\x00\\x00\\x12\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\xb0\\xd9!-\\xfc\\x7f\\x00\\x00\\xc4\\xa2\\x00\\x00\\xff\\xff\\x00\\x00\\x80\\xc2%-\\xfc\\x7f\\x00\\x00\\x80\\xc2%-\\xfc\\x7f\\x00\\x00o\\xaad\\x9b\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 86
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8e2b10"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": " 1\\x8e\\x8dg\\x02\\x00\\x00\\xf0#\\x8e\\x8dg\\x02\\x00\\x0001\\x8e\\x8dg\\x02\\x00\\x00\\x00$\\x8e\\x8dg\\x02\\x00\\x000Q\\x8e\\x8dg\\x02\\x00\\x00@1\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\xff,\\xfc\\x7f\\x00\\x00\\xe0s\\x00-\\xfc\\x7f\\x00\\x00\\x00\\xd0\\x0b\\x00\\x00\\x00\\x00\\x00@\\x00B\\x00\\x00\\x00\\x00\\x00\\xa0,\\x8e\\x8dg\\x02\\x00\\x00\\x18\\x00\\x1a\\x00\\x00\\x00\\x00\\x00\\xc8,\\x8e\\x8dg\\x02\\x00\\x00\\xcc\\xa2\\x0c\\x00\\xff\\xff\\x00\\x00`\\xc2%-\\xfc\\x7f\\x00\\x00`\\xc2%-\\xfc\\x7f\\x00\\x00'\\xda\\xc9\\x9e\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 87
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8e3120"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "0M\\x8e\\x8dg\\x02\\x00\\x00\\x10+\\x8e\\x8dg\\x02\\x00\\x00@M\\x8e\\x8dg\\x02\\x00\\x00 +\\x8e\\x8dg\\x02\\x00\\x000+\\x8e\\x8dg\\x02\\x00\\x00\\x10$\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\xd5*\\xfc\\x7f\\x00\\x00\\xb0g\\xd6*\\xfc\\x7f\\x00\\x00\\x00`/\\x00\\x00\\x00\\x00\\x00D\\x00F\\x00\\x00\\x00\\x00\\x00\\xb02\\x8e\\x8dg\\x02\\x00\\x00\\x1c\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xd82\\x8e\\x8dg\\x02\\x00\\x00\\xcc\\xa2\\x08\\x00\\xff\\xff\\xff\\xff\\x80\\xc1%-\\xfc\\x7f\\x00\\x00\\x80\\xc1%-\\xfc\\x7f\\x00\\x00\\x12\\x8f\\x0f\\xd8\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 88
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8e4d30"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\x10Q\\x8e\\x8dg\\x02\\x00\\x00 1\\x8e\\x8dg\\x02\\x00\\x00 Q\\x8e\\x8dg\\x02\\x00\\x0001\\x8e\\x8dg\\x02\\x00\\x00\\xe0X\\x8e\\x8dg\\x02\\x00\\x000Q\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\x99*\\xfc\\x7f\\x00\\x00\\xb0\\xfa\\x9d*\\xfc\\x7f\\x00\\x00\\x00\\xd0\\x15\\x00\\x00\\x00\\x00\\x00>\\x00@\\x00\\x00\\x00\\x00\\x00`N\\x8e\\x8dg\\x02\\x00\\x00\\x16\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x88N\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x00\\x06\\x00\\xff\\xff0Y\\x8e\\x8dg\\x02\\x00\\x00p\\xc1%-\\xfc\\x7f\\x00\\x00Yo\\xd4\\xce\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 89
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8e5110"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\xd0T\\x8e\\x8dg\\x02\\x00\\x000M\\x8e\\x8dg\\x02\\x00\\x00\\xe0T\\x8e\\x8dg\\x02\\x00\\x00@M\\x8e\\x8dg\\x02\\x00\\x00PM\\x8e\\x8dg\\x02\\x00\\x000+\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\xaf*\\xfc\\x7f\\x00\\x00\\x10a\\xb0*\\xfc\\x7f\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00@\\x00B\\x00\\x00\\x00\\x00\\x00\\xa0R\\x8e\\x8dg\\x02\\x00\\x00\\x18\\x00\\x1a\\x00\\x00\\x00\\x00\\x00\\xc8R\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x00\\x06\\x00\\x00\\x00\\xb0\\xc2%-\\xfc\\x7f\\x00\\x00\\xf0%\\x8e\\x8dg\\x02\\x00\\x00\\x89]\\xcf\\x81\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 90
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8e54d0"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\xc0X\\x8e\\x8dg\\x02\\x00\\x00\\x10Q\\x8e\\x8dg\\x02\\x00\\x00\\xd0X\\x8e\\x8dg\\x02\\x00\\x00 Q\\x8e\\x8dg\\x02\\x00\\x00\\x00a\\x8e\\x8dg\\x02\\x00\\x00\\xe0X\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\xf8,\\xfc\\x7f\\x00\\x00\\x00C\\xf9,\\xfc\\x7f\\x00\\x00\\x00\\xb0\\x06\\x00\\x00\\x00\\x00\\x00<\\x00>\\x00\\x00\\x00\\x00\\x00`V\\x8e\\x8dg\\x02\\x00\\x00\\x14\\x00\\x16\\x00\\x00\\x00\\x00\\x00\\x88V\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x00\\x06\\x00\\x00\\x00p\\xf7\\x8e\\x8dg\\x02\\x00\\x00 \\xc3%-\\xfc\\x7f\\x00\\x00\\xbc1\rz\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 91
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8e58c0"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\xa0\\\\x8e\\x8dg\\x02\\x00\\x00\\xd0T\\x8e\\x8dg\\x02\\x00\\x00\\xb0\\\\x8e\\x8dg\\x02\\x00\\x00\\xe0T\\x8e\\x8dg\\x02\\x00\\x00\\xf0T\\x8e\\x8dg\\x02\\x00\\x00PM\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00T,\\xfc\\x7f\\x00\\x00\\x80\\xe1Y,\\xfc\\x7f\\x00\\x00\\x00`\\x12\\x00\\x00\\x00\\x00\\x00<\\x00>\\x00\\x00\\x00\\x00\\x00PZ\\x8e\\x8dg\\x02\\x00\\x00\\x14\\x00\\x16\\x00\\x00\\x00\\x00\\x00xZ\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x00\\x06\\x00\\x00\\x00p\\xc1%-\\xfc\\x7f\\x00\\x00\\xa0M\\x8e\\x8dg\\x02\\x00\\x00\\x0f\\xf4P\\xa2\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 92
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8e5ca0"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\xe0`\\x8e\\x8dg\\x02\\x00\\x00\\xc0X\\x8e\\x8dg\\x02\\x00\\x00\\xf0`\\x8e\\x8dg\\x02\\x00\\x00\\xd0X\\x8e\\x8dg\\x02\\x00\\x00 \\xf7\\x8e\\x8dg\\x02\\x00\\x00\\xf0c\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00|,\\xfc\\x7f\\x00\\x00`\\x7f},\\xfc\\x7f\\x00\\x00\\x00\\xe0\\x19\\x00\\x00\\x00\\x00\\x00<\\x00>\\x00\\x00\\x00\\x00\\x000^\\x8e\\x8dg\\x02\\x00\\x00\\x14\\x00\\x16\\x00\\x00\\x00\\x00\\x00X^\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x0c\\x00\\x06\\x00\\x00\\x00@\\xc1%-\\xfc\\x7f\\x00\\x00@\\xc1%-\\xfc\\x7f\\x00\\x00\\x19t\\xe4\\x12\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 93
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8e60e0"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\xd0c\\x8e\\x8dg\\x02\\x00\\x00\\xa0\\\\x8e\\x8dg\\x02\\x00\\x00\\xe0c\\x8e\\x8dg\\x02\\x00\\x00\\xb0\\\\x8e\\x8dg\\x02\\x00\\x000\\x90\\x8e\\x8dg\\x02\\x00\\x00\\xf0T\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\xd2*\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00<\\x00>\\x00\\x00\\x00\\x00\\x00pb\\x8e\\x8dg\\x02\\x00\\x00\\x14\\x00\\x16\\x00\\x00\\x00\\x00\\x00\\x98b\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x00\\x06\\x00\\x00\\x00\\xf0\\x8b\\x8e\\x8dg\\x02\\x00\\x00@\\xc2%-\\xfc\\x7f\\x00\\x00\\x13\\x02\\xcd\r\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 94
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8e63d0"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\x80\\x8b\\x8e\\x8dg\\x02\\x00\\x00\\xe0`\\x8e\\x8dg\\x02\\x00\\x00\\x90\\x8b\\x8e\\x8dg\\x02\\x00\\x00\\xf0`\\x8e\\x8dg\\x02\\x00\\x00\\xc0\\\\x8e\\x8dg\\x02\\x00\\x00\\xa0\\x8b\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\xb5,\\xfc\\x7f\\x00\\x00`I\\xb5,\\xfc\\x7f\\x00\\x00\\x00\\xc0\\x02\\x00\\x00\\x00\\x00\\x00:\\x00<\\x00\\x00\\x00\\x00\\x00`e\\x8e\\x8dg\\x02\\x00\\x00\\x12\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x88e\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x0c\\x00\\x06\\x00\\x00\\x00P\\xc1%-\\xfc\\x7f\\x00\\x00P\\xc1%-\\xfc\\x7f\\x00\\x00\\xb5\\xf0\\x86p\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 95
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8e8b80"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x90\\x8e\\x8dg\\x02\\x00\\x00\\xd0c\\x8e\\x8dg\\x02\\x00\\x00 \\x90\\x8e\\x8dg\\x02\\x00\\x00\\xe0c\\x8e\\x8dg\\x02\\x00\\x00\\xf0c\\x8e\\x8dg\\x02\\x00\\x000\\x90\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\x87*\\xfc\\x7f\\x00\\x00\\x90\\x17\\x8a*\\xfc\\x7f\\x00\\x00\\x00\\xa0\\x11\\x00\\x00\\x00\\x00\\x00B\\x00D\\x00\\x00\\x00\\x00\\x00\\x10\\x8d\\x8e\\x8dg\\x02\\x00\\x00\\x1a\\x00\\x1c\\x00\\x00\\x00\\x00\\x008\\x8d\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x00\\x06\\x00\\x00\\x00\\x80\\x90\\x8e\\x8dg\\x02\\x00\\x00Pa\\x8e\\x8dg\\x02\\x00\\x00<\\xa0\\x89\\xf1\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 96
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8e9010"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\xd0\\xab\\x8e\\x8dg\\x02\\x00\\x00\\x80\\x8b\\x8e\\x8dg\\x02\\x00\\x00\\xe0\\xab\\x8e\\x8dg\\x02\\x00\\x00\\x90\\x8b\\x8e\\x8dg\\x02\\x00\\x00\\xa0\\x8b\\x8e\\x8dg\\x02\\x00\\x00\\x00a\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00}*\\xfc\\x7f\\x00\\x00\\x90S~*\\xfc\\x7f\\x00\\x00\\x00\\xd0\t\\x00\\x00\\x00\\x00\\x00B\\x00D\\x00\\x00\\x00\\x00\\x00\\xa0\\x9d\\x8e\\x8dg\\x02\\x00\\x00\\x1a\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\xc8\\x9d\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x0c\\x00\\x06\\x00\\x00\\x00P\\xbf\\x8e\\x8dg\\x02\\x00\\x00\\xf0\\x8b\\x8e\\x8dg\\x02\\x00\\x00\\xcf\\%9\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 97
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8eabd0"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\xaf\\x8e\\x8dg\\x02\\x00\\x00\\x10\\x90\\x8e\\x8dg\\x02\\x00\\x00\\x10\\xaf\\x8e\\x8dg\\x02\\x00\\x00 \\x90\\x8e\\x8dg\\x02\\x00\\x00\\xa0\\xbc\\x8e\\x8dg\\x02\\x00\\x00 \\xb2\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\xed,\\xfc\\x7f\\x00\\x00`X\\xee,\\xfc\\x7f\\x00\\x00\\x00\\xf0\n\\x00\\x00\\x00\\x00\\x00@\\x00B\\x00\\x00\\x00\\x00\\x000\\x9f\\x8e\\x8dg\\x02\\x00\\x00\\x18\\x00\\x1a\\x00\\x00\\x00\\x00\\x00X\\x9f\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x00\\x06\\x00\\x00\\x000\\xb8\\x8e\\x8dg\\x02\\x00\\x00\\x00\\xc3%-\\xfc\\x7f\\x00\\x00\\xef\\x1f\\x17#\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 98
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8eaf00"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\xb2\\x8e\\x8dg\\x02\\x00\\x00\\xd0\\xab\\x8e\\x8dg\\x02\\x00\\x00\\x10\\xb2\\x8e\\x8dg\\x02\\x00\\x00\\xe0\\xab\\x8e\\x8dg\\x02\\x00\\x00 \\xb2\\x8e\\x8dg\\x02\\x00\\x00 \\xf7\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\x03,\\xfc\\x7f\\x00\\x00Px\\x03,\\xfc\\x7f\\x00\\x00\\x00\\xe0\t\\x00\\x00\\x00\\x00\\x00<\\x00>\\x00\\x00\\x00\\x00\\x00\\x80\\x9f\\x8e\\x8dg\\x02\\x00\\x00\\x14\\x00\\x16\\x00\\x00\\x00\\x00\\x00\\xa8\\x9f\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x00\\x06\\x00\\xff\\xff\\xf0\\x00\\x8f\\x8dg\\x02\\x00\\x00\\xf0\\xc1%-\\xfc\\x7f\\x00\\x00\\x04\\x0e\\xf6\\x9b\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 99
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8eb200"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\x80\\xbc\\x8e\\x8dg\\x02\\x00\\x00\\x00\\xaf\\x8e\\x8dg\\x02\\x00\\x00\\x90\\xbc\\x8e\\x8dg\\x02\\x00\\x00\\x10\\xaf\\x8e\\x8dg\\x02\\x00\\x00\\xf0\\xab\\x8e\\x8dg\\x02\\x00\\x00 \\xaf\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\xf9+\\xfc\\x7f\\x00\\x00p\\xce\\xfa+\\xfc\\x7f\\x00\\x00\\x00\\xc0\t\\x00\\x00\\x00\\x00\\x00>\\x00@\\x00\\x00\\x00\\x00\\x00\\xc0\\xa0\\x8e\\x8dg\\x02\\x00\\x00\\x16\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\xe8\\xa0\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x0c\\x00\\x06\\x00\\x00\\x00\\x00\\xb7\\x8e\\x8dg\\x02\\x00\\x000\\xc2%-\\xfc\\x7f\\x00\\x00\\x9a\\xb6\\xfa\\x9d\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 100
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8ebc80"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\xa0\\xc3\\x8e\\x8dg\\x02\\x00\\x00\\x00\\xb2\\x8e\\x8dg\\x02\\x00\\x00\\xb0\\xc3\\x8e\\x8dg\\x02\\x00\\x00\\x10\\xb2\\x8e\\x8dg\\x02\\x00\\x00\\xd0\\xbd\\x8e\\x8dg\\x02\\x00\\x00\\xf0\\xab\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\x84+\\xfc\\x7f\\x00\\x00\\x80\\x12\\x95+\\xfc\\x7f\\x00\\x00\\x00Pt\\x00\\x00\\x00\\x00\\x00>\\x00@\\x00\\x00\\x00\\x00\\x00\\xd0\\x9f\\x8e\\x8dg\\x02\\x00\\x00\\x16\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\xf8\\x9f\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x00\\x06\\x00\\xff\\xff\\x90\\xba\\x8e\\x8dg\\x02\\x00\\x00\\x90\\xc1%-\\xfc\\x7f\\x00\\x00CA\\xda\\xc3\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 101
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8ec3a0"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\xb0\\xbd\\x8e\\x8dg\\x02\\x00\\x00\\x80\\xbc\\x8e\\x8dg\\x02\\x00\\x00\\xc0\\xbd\\x8e\\x8dg\\x02\\x00\\x00\\x90\\xbc\\x8e\\x8dg\\x02\\x00\\x00p\\xbb\\x8e\\x8dg\\x02\\x00\\x00\\xd0\\xbd\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00h,\\xfc\\x7f\\x00\\x00\\xb0ej,\\xfc\\x7f\\x00\\x00\\x00\\xb0\\x12\\x00\\x00\\x00\\x00\\x00:\\x00<\\x00\\x00\\x00\\x00\\x00\\xe0\\x9e\\x8e\\x8dg\\x02\\x00\\x00\\x12\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x08\\x9f\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x00\\x06\\x00\\xff\\xff@\\xe3\\x8e\\x8dg\\x02\\x00\\x00\\x10\\xc3%-\\xfc\\x7f\\x00\\x00\\xb5}]\\xc1\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 102
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8ebdb0"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "P\\xbb\\x8e\\x8dg\\x02\\x00\\x00\\xa0\\xc3\\x8e\\x8dg\\x02\\x00\\x00`\\xbb\\x8e\\x8dg\\x02\\x00\\x00\\xb0\\xc3\\x8e\\x8dg\\x02\\x00\\x00\\xc0\\xc3\\x8e\\x8dg\\x02\\x00\\x00\\xa0\\xbc\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00@+\\xfc\\x7f\\x00\\x00\\xf0IO+\\xfc\\x7f\\x00\\x00\\x00@5\\x00\\x00\\x00\\x00\\x00>\\x00@\\x00\\x00\\x00\\x00\\x00 \\xa0\\x8e\\x8dg\\x02\\x00\\x00\\x16\\x00\\x18\\x00\\x00\\x00\\x00\\x00H\\xa0\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x00\\x06\\x00\\xff\\xff\\xc0\\xc1%-\\xfc\\x7f\\x00\\x00\\xc0\\xc1%-\\xfc\\x7f\\x00\\x00=}>a\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 103
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8ebb50"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\xe0\\xbe\\x8e\\x8dg\\x02\\x00\\x00\\xb0\\xbd\\x8e\\x8dg\\x02\\x00\\x00\\xf0\\xbe\\x8e\\x8dg\\x02\\x00\\x00\\xc0\\xbd\\x8e\\x8dg\\x02\\x00\\x00\\x00\\xbf\\x8e\\x8dg\\x02\\x00\\x00\\xc0\\xc3\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\xa7,\\xfc\\x7f\\x00\\x00P\\xe7\\xa8,\\xfc\\x7f\\x00\\x00\\x00\\xd0\\x0c\\x00\\x00\\x00\\x00\\x00@\\x00B\\x00\\x00\\x00\\x00\\x00P\\xa2\\x8e\\x8dg\\x02\\x00\\x00\\x18\\x00\\x1a\\x00\\x00\\x00\\x00\\x00x\\xa2\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x00\\x06\\x00\\xff\\xff\\x00\\xe8\\x8e\\x8dg\\x02\\x00\\x00\\x10\\xc2%-\\xfc\\x7f\\x00\\x00\\xf1\\xdf.\\xd4\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 104
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8ebee0"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\xc0\\x8e\\x8dg\\x02\\x00\\x00P\\xbb\\x8e\\x8dg\\x02\\x00\\x00 \\xc0\\x8e\\x8dg\\x02\\x00\\x00`\\xbb\\x8e\\x8dg\\x02\\x00\\x000\\xc0\\x8e\\x8dg\\x02\\x00\\x00p\\xbb\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00 +\\xfc\\x7f\\x00\\x00\\xa0\\xa7 +\\xfc\\x7f\\x00\\x00\\x00P\\x05\\x00\\x00\\x00\\x00\\x00>\\x00@\\x00\\x00\\x00\\x00\\x00\\xa0\\xa2\\x8e\\x8dg\\x02\\x00\\x00\\x16\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\xc8\\xa2\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x0c\\x00\\x06\\x00\\x00\\x00@\\xc2%-\\xfc\\x7f\\x00\\x00\\x80\\x90\\x8e\\x8dg\\x02\\x00\\x00S\\xbe\\xd5!\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 105
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8ec010"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "p\\xc2\\x8e\\x8dg\\x02\\x00\\x00\\xe0\\xbe\\x8e\\x8dg\\x02\\x00\\x00\\x80\\xc2\\x8e\\x8dg\\x02\\x00\\x00\\xf0\\xbe\\x8e\\x8dg\\x02\\x00\\x00\\x10\\xea\\x8e\\x8dg\\x02\\x00\\x00\\x00\\xbf\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\xbf*\\xfc\\x7f\\x00\\x00\\xf0\\x90\\xbf*\\xfc\\x7f\\x00\\x00\\x00p\\x02\\x00\\x00\\x00\\x00\\x00<\\x00>\\x00\\x00\\x00\\x00\\x00\\xb0\\xa1\\x8e\\x8dg\\x02\\x00\\x00\\x14\\x00\\x16\\x00\\x00\\x00\\x00\\x00\\xd8\\xa1\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x0c\\x00\\x06\\x00\\x00\\x00`\\xc1%-\\xfc\\x7f\\x00\\x00`\\xc1%-\\xfc\\x7f\\x00\\x00C\\xb9#\\x97\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 106
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8ec270"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\xe4\\x8e\\x8dg\\x02\\x00\\x00\\x10\\xc0\\x8e\\x8dg\\x02\\x00\\x00\\x10\\xe4\\x8e\\x8dg\\x02\\x00\\x00 \\xc0\\x8e\\x8dg\\x02\\x00\\x00\\xb0\\xb6\\x8e\\x8dg\\x02\\x00\\x00\\xb0\\xe7\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00{,\\xfc\\x7f\\x00\\x00\\xf0\"{,\\xfc\\x7f\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x006\\x008\\x00\\x00\\x00\\x00\\x00\\xa0\\xdb\\x8e\\x8dg\\x02\\x00\\x00\\x0e\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xc8\\xdb\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x0c\\x00\\x06\\x00\\x00\\x00\\xe0\\xc2%-\\xfc\\x7f\\x00\\x00\\xe0\\xc2%-\\xfc\\x7f\\x00\\x00@\\xe2\\xe3o\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 107
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8ee400"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "P\\xec\\x8e\\x8dg\\x02\\x00\\x00p\\xc2\\x8e\\x8dg\\x02\\x00\\x00`\\xec\\x8e\\x8dg\\x02\\x00\\x00\\x80\\xc2\\x8e\\x8dg\\x02\\x00\\x00`\\xc1\\x8e\\x8dg\\x02\\x00\\x00p\\xec\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\r,\\xfc\\x7f\\x00\\x00\\xa04\\x0f,\\xfc\\x7f\\x00\\x00\\x00\\xe0F\\x00\\x00\\x00\\x00\\x00@\\x00B\\x00\\x00\\x00\\x00\\x00\\xf0\\xa2\\x8e\\x8dg\\x02\\x00\\x00\\x18\\x00\\x1a\\x00\\x00\\x00\\x00\\x00\\x18\\xa3\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x00\\x06\\x00\\x00\\x00p\\xc2%-\\xfc\\x7f\\x00\\x00p\\xc2%-\\xfc\\x7f\\x00\\x00\"%\\x88W\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 108
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8eec50"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "@\\xc1\\x8e\\x8dg\\x02\\x00\\x00\\x00\\xe4\\x8e\\x8dg\\x02\\x00\\x00P\\xc1\\x8e\\x8dg\\x02\\x00\\x00\\x10\\xe4\\x8e\\x8dg\\x02\\x00\\x00 \\xe4\\x8e\\x8dg\\x02\\x00\\x00P\\xe5\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\xcd*\\xfc\\x7f\\x00\\x00P7\\xce*\\xfc\\x7f\\x00\\x00\\x00\\xe0\\x04\\x00\\x00\\x00\\x00\\x00@\\x00B\\x00\\x00\\x00\\x00\\x00\\x80\\xa4\\x8e\\x8dg\\x02\\x00\\x00\\x18\\x00\\x1a\\x00\\x00\\x00\\x00\\x00\\xa8\\xa4\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x0c\\x00\\x06\\x00\\x00\\x00\\xb0\\xc1\\x8e\\x8dg\\x02\\x00\\x00\\xd0\\xc1%-\\xfc\\x7f\\x00\\x00]\\x81\\xde\\x1e\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 109
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8ec140"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\x90\\xb6\\x8e\\x8dg\\x02\\x00\\x00P\\xec\\x8e\\x8dg\\x02\\x00\\x00\\xa0\\xb6\\x8e\\x8dg\\x02\\x00\\x00`\\xec\\x8e\\x8dg\\x02\\x00\\x00\\xb0\\xe7\\x8e\\x8dg\\x02\\x00\\x00 \\xe4\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00c*\\xfc\\x7f\\x00\\x00\\x804c*\\xfc\\x7f\\x00\\x00\\x00\\xb0\\x04\\x00\\x00\\x00\\x00\\x00@\\x00B\\x00\\x00\\x00\\x00\\x00`\\xa1\\x8e\\x8dg\\x02\\x00\\x00\\x18\\x00\\x1a\\x00\\x00\\x00\\x00\\x00\\x88\\xa1\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x0c\\x00\\x06\\x00\\x00\\x00\\xc0\\xff\\x8e\\x8dg\\x02\\x00\\x00\\xc0\\xec\\x8e\\x8dg\\x02\\x00\\x00\\x08\\x95\\x19\\x06\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 110
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8eb690"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\xc0\\xb7\\x8e\\x8dg\\x02\\x00\\x00@\\xc1\\x8e\\x8dg\\x02\\x00\\x00\\xd0\\xb7\\x8e\\x8dg\\x02\\x00\\x00P\\xc1\\x8e\\x8dg\\x02\\x00\\x00\\xe0\\xb7\\x8e\\x8dg\\x02\\x00\\x00\\x90\\xc2\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\x1f\\x17\\xfc\\x7f\\x00\\x00p\\x9e(\\x17\\xfc\\x7f\\x00\\x00\\x00\\xa0)\\x00\\x00\\x00\\x00\\x00\\xf8\\x00\\xfa\\x00\\x00\\x00\\x00\\x00\\xb0'\\x8f\\x8dg\\x02\\x00\\x00\\x18\\x00\\x1a\\x00\\x00\\x00\\x00\\x00\\x90(\\x8f\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x10\\x06\\x00\\xff\\xff0\\xc2%-\\xfc\\x7f\\x00\\x00p\\xb2\\x8e\\x8dg\\x02\\x00\\x00\\xed\\xb6\\x1eK\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 111
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8eb7c0"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\xf0\\xb8\\x8e\\x8dg\\x02\\x00\\x00\\x90\\xb6\\x8e\\x8dg\\x02\\x00\\x00\\x00\\xb9\\x8e\\x8dg\\x02\\x00\\x00\\xa0\\xb6\\x8e\\x8dg\\x02\\x00\\x00\\x10\\xb9\\x8e\\x8dg\\x02\\x00\\x00\\xb0\\xb6\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\x16(\\xfc\\x7f\\x00\\x00p\\x8c\\x18(\\xfc\\x7f\\x00\\x00\\x00\\xe0\t\\x00\\x00\\x00\\x00\\x00>\\x00@\\x00g\\x02\\x00\\x00@\\x9e\\x8e\\x8dg\\x02\\x00\\x00\\x16\\x00\\x18\\x00\\x00\\x00\\x00\\x00h\\x9e\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x0c\\x00\\x06\\x00\\x00\\x00\\x00\\xc3%-\\xfc\\x7f\\x00\\x00@\\xac\\x8e\\x8dg\\x02\\x00\\x006\\x88\\x10\\x16\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 112
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8eb8f0"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": " \\xba\\x8e\\x8dg\\x02\\x00\\x00\\xc0\\xb7\\x8e\\x8dg\\x02\\x00\\x000\\xba\\x8e\\x8dg\\x02\\x00\\x00\\xd0\\xb7\\x8e\\x8dg\\x02\\x00\\x00@\\xba\\x8e\\x8dg\\x02\\x00\\x00\\xe0\\xb7\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\x89\\x17\\xfc\\x7f\\x00\\x00\\xc0\\x16\\x89\\x17\\xfc\\x7f\\x00\\x00\\x00\\x90\\x01\\x00\\x00\\x00\\x00\\x00<\\x00>\\x00g\\x02\\x00\\x00\\x90\\x9e\\x8e\\x8dg\\x02\\x00\\x00\\x14\\x00\\x16\\x00\\x00\\x00\\x00\\x00\\xb8\\x9e\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x0c\\x00\\x06\\x00\\x00\\x00\\xc0\\xc2%-\\xfc\\x7f\\x00\\x00\\xc0\\xc2%-\\xfc\\x7f\\x00\\x00\\x1e\\xc3a\\x08\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 113
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8eba20"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "p\\xf3\\x8e\\x8dg\\x02\\x00\\x00\\xf0\\xb8\\x8e\\x8dg\\x02\\x00\\x00\\x80\\xf3\\x8e\\x8dg\\x02\\x00\\x00\\x00\\xb9\\x8e\\x8dg\\x02\\x00\\x00\\x90\\xf3\\x8e\\x8dg\\x02\\x00\\x00\\x10\\xb9\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00r\\x1c\\xfc\\x7f\\x00\\x00 Rs\\x1c\\xfc\\x7f\\x00\\x00\\x00P\t\\x00\\x00\\x00\\x00\\x00:\\x00<\\x00g\\x02\\x00\\x00\\x00\\xa2\\x8e\\x8dg\\x02\\x00\\x00\\x12\\x00\\x14\\x00\\x00\\x00\\x00\\x00(\\xa2\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x00\\x06\\x00\\xff\\xff0\\xfc\\x8e\\x8dg\\x02\\x00\\x00\\xf0\\xbc\\x8e\\x8dg\\x02\\x00\\x00}\\x0bF\r\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 114
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8ef370"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": " \\xfe\\x8e\\x8dg\\x02\\x00\\x00 \\xba\\x8e\\x8dg\\x02\\x00\\x000\\xfe\\x8e\\x8dg\\x02\\x00\\x000\\xba\\x8e\\x8dg\\x02\\x00\\x00@\\xfe\\x8e\\x8dg\\x02\\x00\\x00@\\xba\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00|\\x1c\\xfc\\x7f\\x00\\x00pR\\x80\\x1c\\xfc\\x7f\\x00\\x00\\x00\\xe0\\x1a\\x00\\x00\\x00\\x00\\x00:\\x00<\\x00g\\x02\\x00\\x00\\x00=\\x8f\\x8dg\\x02\\x00\\x00\\x12\\x00\\x14\\x00\\x00\\x00\\x00\\x00(=\\x8f\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x00\\x06\\x00\\xff\\xff\\xb0\\xc1%-\\xfc\\x7f\\x00\\x00\\xb0\\xc1%-\\xfc\\x7f\\x00\\x00n\\xea\\xab\\xed\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 115
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8efe20"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "P\\xff\\x8e\\x8dg\\x02\\x00\\x00p\\xf3\\x8e\\x8dg\\x02\\x00\\x00`\\xff\\x8e\\x8dg\\x02\\x00\\x00\\x80\\xf3\\x8e\\x8dg\\x02\\x00\\x00p\\xff\\x8e\\x8dg\\x02\\x00\\x00\\x90\\xf3\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\xcb\\x13\\xfc\\x7f\\x00\\x00P5\\xcb\\x13\\xfc\\x7f\\x00\\x00\\x00\\x90\\x04\\x00\\x00\\x00\\x00\\x006\\x008\\x00g\\x02\\x00\\x00\\xf0N\\x8f\\x8dg\\x02\\x00\\x00\\x0e\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x18O\\x8f\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x0c\\x00\\x06\\x00\\x00\\x00\\xa0\\xe5\\x8e\\x8dg\\x02\\x00\\x00\\xe0\\xc1%-\\xfc\\x7f\\x00\\x00v\\x0cU\\xc3\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 116
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8eff50"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "`\\xe6\\x8e\\x8dg\\x02\\x00\\x00 \\xfe\\x8e\\x8dg\\x02\\x00\\x00p\\xe6\\x8e\\x8dg\\x02\\x00\\x000\\xfe\\x8e\\x8dg\\x02\\x00\\x00\\x80\\xe6\\x8e\\x8dg\\x02\\x00\\x00@\\xfe\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\"$\\xfc\\x7f\\x00\\x00@\\x1a$$\\xfc\\x7f\\x00\\x00\\x00\\xb0\\x03\\x00\\x00\\x00\\x00\\x00<\\x00>\\x00g\\x02\\x00\\x00\\xf08\\x8f\\x8dg\\x02\\x00\\x00\\x14\\x00\\x16\\x00\\x00\\x00\\x00\\x00\\x189\\x8f\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x00\\x06\\x00\\xff\\xff\\xd0\\xc1%-\\xfc\\x7f\\x00\\x00\\xb0\\xc1\\x8e\\x8dg\\x02\\x00\\x00\\x0e\\x82\\xd7\\x1f\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 117
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8ee660"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\x80\\x00\\x8f\\x8dg\\x02\\x00\\x00P\\xff\\x8e\\x8dg\\x02\\x00\\x00\\x90\\x00\\x8f\\x8dg\\x02\\x00\\x00`\\xff\\x8e\\x8dg\\x02\\x00\\x00\\xf0\\xc4%-\\xfc\\x7f\\x00\\x00p\\xff\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\t)\\xfc\\x7f\\x00\\x00\\xc0d\\x0b)\\xfc\\x7f\\x00\\x00\\x000\\x0f\\x00\\x00\\x00\\x00\\x008\\x00:\\x00g\\x02\\x00\\x00pE\\x8f\\x8dg\\x02\\x00\\x00\\x10\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x98E\\x8f\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x00\\x00\\x06\\x00\\x00\\x00`\\xfd\\x8e\\x8dg\\x02\\x00\\x00\\x00\\xc2%-\\xfc\\x7f\\x00\\x00k;\\xec\\xee\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 118
          },
          {
            "timestamp": "2026-05-28 21:43:59,182",
            "thread_id": "14212",
            "caller": "0x7ffc2d002a0e",
            "parentcaller": "0x7ffc29091242",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "D3D9_IdHot_Ctrl_SnapDesktop"
              },
              {
                "name": "Atom",
                "value": "0x0000c01a"
              }
            ],
            "repeated": 0,
            "id": 119
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2d0fe715",
            "parentcaller": "0x7ffc2d0fe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d912000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 120
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2d0fe715",
            "parentcaller": "0x7ffc2d0fe37b",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\dxgi"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29090000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffc290b64c0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 121
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3f3b",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xed18e87018"
              },
              {
                "name": "Size",
                "value": "0x00000008"
              },
              {
                "name": "Buffer",
                "value": "\\xc0\\xc4%-\\xfc\\x7f\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 122
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3f7a",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2d25c4e0"
              },
              {
                "name": "Size",
                "value": "0x00000008"
              },
              {
                "name": "Buffer",
                "value": "\\x90%\\x8e\\x8dg\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 123
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8e2580"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\xf0#\\x8e\\x8dg\\x02\\x00\\x00\\xd0\\xc4%-\\xfc\\x7f\\x00\\x00\\x00$\\x8e\\x8dg\\x02\\x00\\x00\\xe0\\xc4%-\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9e)\\xf7\\x7f\\x00\\x00\\xf0\\x00\\xa1)\\xf7\\x7f\\x00\\x00\\x00\\x00\\x13\\x00\\x00\\x00\\x00\\x00>\\x00@\\x00\\x00\\x00\\x00\\x00\\xf8!\\x8e\\x8dg\\x02\\x00\\x00\\x16\\x00\\x18\\x00\\x00\\x00\\x00\\x00 \"\\x8e\\x8dg\\x02\\x00\\x00\\xcc\\xa2\\x00\\x00\\xff\\xff\\xff\\xff\\x80Q\\x8e\\x8dg\\x02\\x00\\x00\\xb0\\xc2%-\\xfc\\x7f\\x00\\x00u\\x00|V\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 124
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8e23f0"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\x10+\\x8e\\x8dg\\x02\\x00\\x00\\x80%\\x8e\\x8dg\\x02\\x00\\x00 +\\x8e\\x8dg\\x02\\x00\\x00\\x90%\\x8e\\x8dg\\x02\\x00\\x00@1\\x8e\\x8dg\\x02\\x00\\x00\\xf0\\xc4%-\\xfc\\x7f\\x00\\x00\\x00\\x00\\x0f-\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x1f\\x00\\x00\\x00\\x00\\x00:\\x00<\\x00\\x00\\x00\\x00\\x00\\xf0\"\\x8e\\x8dg\\x02\\x00\\x00\\x12\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\xb0\\xd9!-\\xfc\\x7f\\x00\\x00\\xc4\\xa2\\x00\\x00\\xff\\xff\\x00\\x00\\x80\\xc2%-\\xfc\\x7f\\x00\\x00\\x80\\xc2%-\\xfc\\x7f\\x00\\x00o\\xaad\\x9b\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 125
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8e2b10"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": " 1\\x8e\\x8dg\\x02\\x00\\x00\\xf0#\\x8e\\x8dg\\x02\\x00\\x0001\\x8e\\x8dg\\x02\\x00\\x00\\x00$\\x8e\\x8dg\\x02\\x00\\x000Q\\x8e\\x8dg\\x02\\x00\\x00@1\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\xff,\\xfc\\x7f\\x00\\x00\\xe0s\\x00-\\xfc\\x7f\\x00\\x00\\x00\\xd0\\x0b\\x00\\x00\\x00\\x00\\x00@\\x00B\\x00\\x00\\x00\\x00\\x00\\xa0,\\x8e\\x8dg\\x02\\x00\\x00\\x18\\x00\\x1a\\x00\\x00\\x00\\x00\\x00\\xc8,\\x8e\\x8dg\\x02\\x00\\x00\\xcc\\xa2\\x0c\\x00\\xff\\xff\\x00\\x00`\\xc2%-\\xfc\\x7f\\x00\\x00`\\xc2%-\\xfc\\x7f\\x00\\x00'\\xda\\xc9\\x9e\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 126
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8e3120"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "0M\\x8e\\x8dg\\x02\\x00\\x00\\x10+\\x8e\\x8dg\\x02\\x00\\x00@M\\x8e\\x8dg\\x02\\x00\\x00 +\\x8e\\x8dg\\x02\\x00\\x000+\\x8e\\x8dg\\x02\\x00\\x00\\x10$\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\xd5*\\xfc\\x7f\\x00\\x00\\xb0g\\xd6*\\xfc\\x7f\\x00\\x00\\x00`/\\x00\\x00\\x00\\x00\\x00D\\x00F\\x00\\x00\\x00\\x00\\x00\\xb02\\x8e\\x8dg\\x02\\x00\\x00\\x1c\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xd82\\x8e\\x8dg\\x02\\x00\\x00\\xcc\\xa2\\x08\\x00\\xff\\xff\\xff\\xff\\x80\\xc1%-\\xfc\\x7f\\x00\\x00\\x80\\xc1%-\\xfc\\x7f\\x00\\x00\\x12\\x8f\\x0f\\xd8\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 127
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8e4d30"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\x10Q\\x8e\\x8dg\\x02\\x00\\x00 1\\x8e\\x8dg\\x02\\x00\\x00 Q\\x8e\\x8dg\\x02\\x00\\x0001\\x8e\\x8dg\\x02\\x00\\x00\\xe0X\\x8e\\x8dg\\x02\\x00\\x000Q\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\x99*\\xfc\\x7f\\x00\\x00\\xb0\\xfa\\x9d*\\xfc\\x7f\\x00\\x00\\x00\\xd0\\x15\\x00\\x00\\x00\\x00\\x00>\\x00@\\x00\\x00\\x00\\x00\\x00`N\\x8e\\x8dg\\x02\\x00\\x00\\x16\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x88N\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x00\\x06\\x00\\xff\\xff0Y\\x8e\\x8dg\\x02\\x00\\x00p\\xc1%-\\xfc\\x7f\\x00\\x00Yo\\xd4\\xce\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 128
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8e5110"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\xd0T\\x8e\\x8dg\\x02\\x00\\x000M\\x8e\\x8dg\\x02\\x00\\x00\\xe0T\\x8e\\x8dg\\x02\\x00\\x00@M\\x8e\\x8dg\\x02\\x00\\x00PM\\x8e\\x8dg\\x02\\x00\\x000+\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\xaf*\\xfc\\x7f\\x00\\x00\\x10a\\xb0*\\xfc\\x7f\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00@\\x00B\\x00\\x00\\x00\\x00\\x00\\xa0R\\x8e\\x8dg\\x02\\x00\\x00\\x18\\x00\\x1a\\x00\\x00\\x00\\x00\\x00\\xc8R\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x00\\x06\\x00\\x00\\x00\\xb0\\xc2%-\\xfc\\x7f\\x00\\x00\\xf0%\\x8e\\x8dg\\x02\\x00\\x00\\x89]\\xcf\\x81\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 129
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8e54d0"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\xc0X\\x8e\\x8dg\\x02\\x00\\x00\\x10Q\\x8e\\x8dg\\x02\\x00\\x00\\xd0X\\x8e\\x8dg\\x02\\x00\\x00 Q\\x8e\\x8dg\\x02\\x00\\x00\\x00a\\x8e\\x8dg\\x02\\x00\\x00\\xe0X\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\xf8,\\xfc\\x7f\\x00\\x00\\x00C\\xf9,\\xfc\\x7f\\x00\\x00\\x00\\xb0\\x06\\x00\\x00\\x00\\x00\\x00<\\x00>\\x00\\x00\\x00\\x00\\x00`V\\x8e\\x8dg\\x02\\x00\\x00\\x14\\x00\\x16\\x00\\x00\\x00\\x00\\x00\\x88V\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x00\\x06\\x00\\x00\\x00p\\xf7\\x8e\\x8dg\\x02\\x00\\x00 \\xc3%-\\xfc\\x7f\\x00\\x00\\xbc1\rz\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 130
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8e58c0"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\xa0\\\\x8e\\x8dg\\x02\\x00\\x00\\xd0T\\x8e\\x8dg\\x02\\x00\\x00\\xb0\\\\x8e\\x8dg\\x02\\x00\\x00\\xe0T\\x8e\\x8dg\\x02\\x00\\x00\\xf0T\\x8e\\x8dg\\x02\\x00\\x00PM\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00T,\\xfc\\x7f\\x00\\x00\\x80\\xe1Y,\\xfc\\x7f\\x00\\x00\\x00`\\x12\\x00\\x00\\x00\\x00\\x00<\\x00>\\x00\\x00\\x00\\x00\\x00PZ\\x8e\\x8dg\\x02\\x00\\x00\\x14\\x00\\x16\\x00\\x00\\x00\\x00\\x00xZ\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x00\\x06\\x00\\x00\\x00p\\xc1%-\\xfc\\x7f\\x00\\x00\\xa0M\\x8e\\x8dg\\x02\\x00\\x00\\x0f\\xf4P\\xa2\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 131
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8e5ca0"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\xe0`\\x8e\\x8dg\\x02\\x00\\x00\\xc0X\\x8e\\x8dg\\x02\\x00\\x00\\xf0`\\x8e\\x8dg\\x02\\x00\\x00\\xd0X\\x8e\\x8dg\\x02\\x00\\x00 \\xf7\\x8e\\x8dg\\x02\\x00\\x00\\xf0c\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00|,\\xfc\\x7f\\x00\\x00`\\x7f},\\xfc\\x7f\\x00\\x00\\x00\\xe0\\x19\\x00\\x00\\x00\\x00\\x00<\\x00>\\x00\\x00\\x00\\x00\\x000^\\x8e\\x8dg\\x02\\x00\\x00\\x14\\x00\\x16\\x00\\x00\\x00\\x00\\x00X^\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x0c\\x00\\x06\\x00\\x00\\x00@\\xc1%-\\xfc\\x7f\\x00\\x00@\\xc1%-\\xfc\\x7f\\x00\\x00\\x19t\\xe4\\x12\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 132
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8e60e0"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\xd0c\\x8e\\x8dg\\x02\\x00\\x00\\xa0\\\\x8e\\x8dg\\x02\\x00\\x00\\xe0c\\x8e\\x8dg\\x02\\x00\\x00\\xb0\\\\x8e\\x8dg\\x02\\x00\\x000\\x90\\x8e\\x8dg\\x02\\x00\\x00\\xf0T\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\xd2*\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00<\\x00>\\x00\\x00\\x00\\x00\\x00pb\\x8e\\x8dg\\x02\\x00\\x00\\x14\\x00\\x16\\x00\\x00\\x00\\x00\\x00\\x98b\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x00\\x06\\x00\\x00\\x00\\xf0\\x8b\\x8e\\x8dg\\x02\\x00\\x00@\\xc2%-\\xfc\\x7f\\x00\\x00\\x13\\x02\\xcd\r\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 133
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8e63d0"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\x80\\x8b\\x8e\\x8dg\\x02\\x00\\x00\\xe0`\\x8e\\x8dg\\x02\\x00\\x00\\x90\\x8b\\x8e\\x8dg\\x02\\x00\\x00\\xf0`\\x8e\\x8dg\\x02\\x00\\x00\\xc0\\\\x8e\\x8dg\\x02\\x00\\x00\\xa0\\x8b\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\xb5,\\xfc\\x7f\\x00\\x00`I\\xb5,\\xfc\\x7f\\x00\\x00\\x00\\xc0\\x02\\x00\\x00\\x00\\x00\\x00:\\x00<\\x00\\x00\\x00\\x00\\x00`e\\x8e\\x8dg\\x02\\x00\\x00\\x12\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x88e\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x0c\\x00\\x06\\x00\\x00\\x00P\\xc1%-\\xfc\\x7f\\x00\\x00P\\xc1%-\\xfc\\x7f\\x00\\x00\\xb5\\xf0\\x86p\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 134
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8e8b80"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x90\\x8e\\x8dg\\x02\\x00\\x00\\xd0c\\x8e\\x8dg\\x02\\x00\\x00 \\x90\\x8e\\x8dg\\x02\\x00\\x00\\xe0c\\x8e\\x8dg\\x02\\x00\\x00\\xf0c\\x8e\\x8dg\\x02\\x00\\x000\\x90\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\x87*\\xfc\\x7f\\x00\\x00\\x90\\x17\\x8a*\\xfc\\x7f\\x00\\x00\\x00\\xa0\\x11\\x00\\x00\\x00\\x00\\x00B\\x00D\\x00\\x00\\x00\\x00\\x00\\x10\\x8d\\x8e\\x8dg\\x02\\x00\\x00\\x1a\\x00\\x1c\\x00\\x00\\x00\\x00\\x008\\x8d\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x00\\x06\\x00\\x00\\x00\\x80\\x90\\x8e\\x8dg\\x02\\x00\\x00Pa\\x8e\\x8dg\\x02\\x00\\x00<\\xa0\\x89\\xf1\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 135
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8e9010"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\xd0\\xab\\x8e\\x8dg\\x02\\x00\\x00\\x80\\x8b\\x8e\\x8dg\\x02\\x00\\x00\\xe0\\xab\\x8e\\x8dg\\x02\\x00\\x00\\x90\\x8b\\x8e\\x8dg\\x02\\x00\\x00\\xa0\\x8b\\x8e\\x8dg\\x02\\x00\\x00\\x00a\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00}*\\xfc\\x7f\\x00\\x00\\x90S~*\\xfc\\x7f\\x00\\x00\\x00\\xd0\t\\x00\\x00\\x00\\x00\\x00B\\x00D\\x00\\x00\\x00\\x00\\x00\\xa0\\x9d\\x8e\\x8dg\\x02\\x00\\x00\\x1a\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\xc8\\x9d\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x0c\\x00\\x06\\x00\\x00\\x00P\\xbf\\x8e\\x8dg\\x02\\x00\\x00\\xf0\\x8b\\x8e\\x8dg\\x02\\x00\\x00\\xcf\\%9\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 136
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8eabd0"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\xaf\\x8e\\x8dg\\x02\\x00\\x00\\x10\\x90\\x8e\\x8dg\\x02\\x00\\x00\\x10\\xaf\\x8e\\x8dg\\x02\\x00\\x00 \\x90\\x8e\\x8dg\\x02\\x00\\x00\\xa0\\xbc\\x8e\\x8dg\\x02\\x00\\x00 \\xb2\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\xed,\\xfc\\x7f\\x00\\x00`X\\xee,\\xfc\\x7f\\x00\\x00\\x00\\xf0\n\\x00\\x00\\x00\\x00\\x00@\\x00B\\x00\\x00\\x00\\x00\\x000\\x9f\\x8e\\x8dg\\x02\\x00\\x00\\x18\\x00\\x1a\\x00\\x00\\x00\\x00\\x00X\\x9f\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x00\\x06\\x00\\x00\\x000\\xb8\\x8e\\x8dg\\x02\\x00\\x00\\x00\\xc3%-\\xfc\\x7f\\x00\\x00\\xef\\x1f\\x17#\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 137
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8eaf00"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\xb2\\x8e\\x8dg\\x02\\x00\\x00\\xd0\\xab\\x8e\\x8dg\\x02\\x00\\x00\\x10\\xb2\\x8e\\x8dg\\x02\\x00\\x00\\xe0\\xab\\x8e\\x8dg\\x02\\x00\\x00 \\xb2\\x8e\\x8dg\\x02\\x00\\x00 \\xf7\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\x03,\\xfc\\x7f\\x00\\x00Px\\x03,\\xfc\\x7f\\x00\\x00\\x00\\xe0\t\\x00\\x00\\x00\\x00\\x00<\\x00>\\x00\\x00\\x00\\x00\\x00\\x80\\x9f\\x8e\\x8dg\\x02\\x00\\x00\\x14\\x00\\x16\\x00\\x00\\x00\\x00\\x00\\xa8\\x9f\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x00\\x06\\x00\\xff\\xff\\xf0\\x00\\x8f\\x8dg\\x02\\x00\\x00\\xf0\\xc1%-\\xfc\\x7f\\x00\\x00\\x04\\x0e\\xf6\\x9b\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 138
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8eb200"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\x80\\xbc\\x8e\\x8dg\\x02\\x00\\x00\\x00\\xaf\\x8e\\x8dg\\x02\\x00\\x00\\x90\\xbc\\x8e\\x8dg\\x02\\x00\\x00\\x10\\xaf\\x8e\\x8dg\\x02\\x00\\x00\\xf0\\xab\\x8e\\x8dg\\x02\\x00\\x00 \\xaf\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\xf9+\\xfc\\x7f\\x00\\x00p\\xce\\xfa+\\xfc\\x7f\\x00\\x00\\x00\\xc0\t\\x00\\x00\\x00\\x00\\x00>\\x00@\\x00\\x00\\x00\\x00\\x00\\xc0\\xa0\\x8e\\x8dg\\x02\\x00\\x00\\x16\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\xe8\\xa0\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x0c\\x00\\x06\\x00\\x00\\x00\\x00\\xb7\\x8e\\x8dg\\x02\\x00\\x000\\xc2%-\\xfc\\x7f\\x00\\x00\\x9a\\xb6\\xfa\\x9d\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 139
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8ebc80"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\xa0\\xc3\\x8e\\x8dg\\x02\\x00\\x00\\x00\\xb2\\x8e\\x8dg\\x02\\x00\\x00\\xb0\\xc3\\x8e\\x8dg\\x02\\x00\\x00\\x10\\xb2\\x8e\\x8dg\\x02\\x00\\x00\\xd0\\xbd\\x8e\\x8dg\\x02\\x00\\x00\\xf0\\xab\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\x84+\\xfc\\x7f\\x00\\x00\\x80\\x12\\x95+\\xfc\\x7f\\x00\\x00\\x00Pt\\x00\\x00\\x00\\x00\\x00>\\x00@\\x00\\x00\\x00\\x00\\x00\\xd0\\x9f\\x8e\\x8dg\\x02\\x00\\x00\\x16\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\xf8\\x9f\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x00\\x06\\x00\\xff\\xff\\x90\\xba\\x8e\\x8dg\\x02\\x00\\x00\\x90\\xc1%-\\xfc\\x7f\\x00\\x00CA\\xda\\xc3\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 140
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8ec3a0"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\xb0\\xbd\\x8e\\x8dg\\x02\\x00\\x00\\x80\\xbc\\x8e\\x8dg\\x02\\x00\\x00\\xc0\\xbd\\x8e\\x8dg\\x02\\x00\\x00\\x90\\xbc\\x8e\\x8dg\\x02\\x00\\x00p\\xbb\\x8e\\x8dg\\x02\\x00\\x00\\xd0\\xbd\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00h,\\xfc\\x7f\\x00\\x00\\xb0ej,\\xfc\\x7f\\x00\\x00\\x00\\xb0\\x12\\x00\\x00\\x00\\x00\\x00:\\x00<\\x00\\x00\\x00\\x00\\x00\\xe0\\x9e\\x8e\\x8dg\\x02\\x00\\x00\\x12\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x08\\x9f\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x00\\x06\\x00\\xff\\xff@\\xe3\\x8e\\x8dg\\x02\\x00\\x00\\x10\\xc3%-\\xfc\\x7f\\x00\\x00\\xb5}]\\xc1\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 141
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8ebdb0"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "P\\xbb\\x8e\\x8dg\\x02\\x00\\x00\\xa0\\xc3\\x8e\\x8dg\\x02\\x00\\x00`\\xbb\\x8e\\x8dg\\x02\\x00\\x00\\xb0\\xc3\\x8e\\x8dg\\x02\\x00\\x00\\xc0\\xc3\\x8e\\x8dg\\x02\\x00\\x00\\xa0\\xbc\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00@+\\xfc\\x7f\\x00\\x00\\xf0IO+\\xfc\\x7f\\x00\\x00\\x00@5\\x00\\x00\\x00\\x00\\x00>\\x00@\\x00\\x00\\x00\\x00\\x00 \\xa0\\x8e\\x8dg\\x02\\x00\\x00\\x16\\x00\\x18\\x00\\x00\\x00\\x00\\x00H\\xa0\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x00\\x06\\x00\\xff\\xff\\xc0\\xc1%-\\xfc\\x7f\\x00\\x00\\xc0\\xc1%-\\xfc\\x7f\\x00\\x00=}>a\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 142
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8ebb50"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\xe0\\xbe\\x8e\\x8dg\\x02\\x00\\x00\\xb0\\xbd\\x8e\\x8dg\\x02\\x00\\x00\\xf0\\xbe\\x8e\\x8dg\\x02\\x00\\x00\\xc0\\xbd\\x8e\\x8dg\\x02\\x00\\x00\\x00\\xbf\\x8e\\x8dg\\x02\\x00\\x00\\xc0\\xc3\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\xa7,\\xfc\\x7f\\x00\\x00P\\xe7\\xa8,\\xfc\\x7f\\x00\\x00\\x00\\xd0\\x0c\\x00\\x00\\x00\\x00\\x00@\\x00B\\x00\\x00\\x00\\x00\\x00P\\xa2\\x8e\\x8dg\\x02\\x00\\x00\\x18\\x00\\x1a\\x00\\x00\\x00\\x00\\x00x\\xa2\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x00\\x06\\x00\\xff\\xff\\x00\\xe8\\x8e\\x8dg\\x02\\x00\\x00\\x10\\xc2%-\\xfc\\x7f\\x00\\x00\\xf1\\xdf.\\xd4\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 143
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8ebee0"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\xc0\\x8e\\x8dg\\x02\\x00\\x00P\\xbb\\x8e\\x8dg\\x02\\x00\\x00 \\xc0\\x8e\\x8dg\\x02\\x00\\x00`\\xbb\\x8e\\x8dg\\x02\\x00\\x000\\xc0\\x8e\\x8dg\\x02\\x00\\x00p\\xbb\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00 +\\xfc\\x7f\\x00\\x00\\xa0\\xa7 +\\xfc\\x7f\\x00\\x00\\x00P\\x05\\x00\\x00\\x00\\x00\\x00>\\x00@\\x00\\x00\\x00\\x00\\x00\\xa0\\xa2\\x8e\\x8dg\\x02\\x00\\x00\\x16\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\xc8\\xa2\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x0c\\x00\\x06\\x00\\x00\\x00@\\xc2%-\\xfc\\x7f\\x00\\x00\\x80\\x90\\x8e\\x8dg\\x02\\x00\\x00S\\xbe\\xd5!\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 144
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8ec010"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "p\\xc2\\x8e\\x8dg\\x02\\x00\\x00\\xe0\\xbe\\x8e\\x8dg\\x02\\x00\\x00\\x80\\xc2\\x8e\\x8dg\\x02\\x00\\x00\\xf0\\xbe\\x8e\\x8dg\\x02\\x00\\x00\\x10\\xea\\x8e\\x8dg\\x02\\x00\\x00\\x00\\xbf\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\xbf*\\xfc\\x7f\\x00\\x00\\xf0\\x90\\xbf*\\xfc\\x7f\\x00\\x00\\x00p\\x02\\x00\\x00\\x00\\x00\\x00<\\x00>\\x00\\x00\\x00\\x00\\x00\\xb0\\xa1\\x8e\\x8dg\\x02\\x00\\x00\\x14\\x00\\x16\\x00\\x00\\x00\\x00\\x00\\xd8\\xa1\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x0c\\x00\\x06\\x00\\x00\\x00`\\xc1%-\\xfc\\x7f\\x00\\x00`\\xc1%-\\xfc\\x7f\\x00\\x00C\\xb9#\\x97\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 145
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8ec270"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\xe4\\x8e\\x8dg\\x02\\x00\\x00\\x10\\xc0\\x8e\\x8dg\\x02\\x00\\x00\\x10\\xe4\\x8e\\x8dg\\x02\\x00\\x00 \\xc0\\x8e\\x8dg\\x02\\x00\\x00\\xb0\\xb6\\x8e\\x8dg\\x02\\x00\\x00\\xb0\\xe7\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00{,\\xfc\\x7f\\x00\\x00\\xf0\"{,\\xfc\\x7f\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x006\\x008\\x00\\x00\\x00\\x00\\x00\\xa0\\xdb\\x8e\\x8dg\\x02\\x00\\x00\\x0e\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xc8\\xdb\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x0c\\x00\\x06\\x00\\x00\\x00\\xe0\\xc2%-\\xfc\\x7f\\x00\\x00\\xe0\\xc2%-\\xfc\\x7f\\x00\\x00@\\xe2\\xe3o\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 146
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8ee400"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "P\\xec\\x8e\\x8dg\\x02\\x00\\x00p\\xc2\\x8e\\x8dg\\x02\\x00\\x00`\\xec\\x8e\\x8dg\\x02\\x00\\x00\\x80\\xc2\\x8e\\x8dg\\x02\\x00\\x00`\\xc1\\x8e\\x8dg\\x02\\x00\\x00p\\xec\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\r,\\xfc\\x7f\\x00\\x00\\xa04\\x0f,\\xfc\\x7f\\x00\\x00\\x00\\xe0F\\x00\\x00\\x00\\x00\\x00@\\x00B\\x00\\x00\\x00\\x00\\x00\\xf0\\xa2\\x8e\\x8dg\\x02\\x00\\x00\\x18\\x00\\x1a\\x00\\x00\\x00\\x00\\x00\\x18\\xa3\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x00\\x06\\x00\\x00\\x00p\\xc2%-\\xfc\\x7f\\x00\\x00p\\xc2%-\\xfc\\x7f\\x00\\x00\"%\\x88W\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 147
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8eec50"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "@\\xc1\\x8e\\x8dg\\x02\\x00\\x00\\x00\\xe4\\x8e\\x8dg\\x02\\x00\\x00P\\xc1\\x8e\\x8dg\\x02\\x00\\x00\\x10\\xe4\\x8e\\x8dg\\x02\\x00\\x00 \\xe4\\x8e\\x8dg\\x02\\x00\\x00P\\xe5\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\xcd*\\xfc\\x7f\\x00\\x00P7\\xce*\\xfc\\x7f\\x00\\x00\\x00\\xe0\\x04\\x00\\x00\\x00\\x00\\x00@\\x00B\\x00\\x00\\x00\\x00\\x00\\x80\\xa4\\x8e\\x8dg\\x02\\x00\\x00\\x18\\x00\\x1a\\x00\\x00\\x00\\x00\\x00\\xa8\\xa4\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x0c\\x00\\x06\\x00\\x00\\x00\\xb0\\xc1\\x8e\\x8dg\\x02\\x00\\x00\\xd0\\xc1%-\\xfc\\x7f\\x00\\x00]\\x81\\xde\\x1e\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 148
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8ec140"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\x90\\xb6\\x8e\\x8dg\\x02\\x00\\x00P\\xec\\x8e\\x8dg\\x02\\x00\\x00\\xa0\\xb6\\x8e\\x8dg\\x02\\x00\\x00`\\xec\\x8e\\x8dg\\x02\\x00\\x00\\xb0\\xe7\\x8e\\x8dg\\x02\\x00\\x00 \\xe4\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00c*\\xfc\\x7f\\x00\\x00\\x804c*\\xfc\\x7f\\x00\\x00\\x00\\xb0\\x04\\x00\\x00\\x00\\x00\\x00@\\x00B\\x00\\x00\\x00\\x00\\x00`\\xa1\\x8e\\x8dg\\x02\\x00\\x00\\x18\\x00\\x1a\\x00\\x00\\x00\\x00\\x00\\x88\\xa1\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x0c\\x00\\x06\\x00\\x00\\x00\\xc0\\xff\\x8e\\x8dg\\x02\\x00\\x00\\xc0\\xec\\x8e\\x8dg\\x02\\x00\\x00\\x08\\x95\\x19\\x06\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 149
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8eb690"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\xc0\\xb7\\x8e\\x8dg\\x02\\x00\\x00@\\xc1\\x8e\\x8dg\\x02\\x00\\x00\\xd0\\xb7\\x8e\\x8dg\\x02\\x00\\x00P\\xc1\\x8e\\x8dg\\x02\\x00\\x00\\xe0\\xb7\\x8e\\x8dg\\x02\\x00\\x00\\x90\\xc2\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\x1f\\x17\\xfc\\x7f\\x00\\x00p\\x9e(\\x17\\xfc\\x7f\\x00\\x00\\x00\\xa0)\\x00\\x00\\x00\\x00\\x00\\xf8\\x00\\xfa\\x00\\x00\\x00\\x00\\x00\\xb0'\\x8f\\x8dg\\x02\\x00\\x00\\x18\\x00\\x1a\\x00\\x00\\x00\\x00\\x00\\x90(\\x8f\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x10\\x06\\x00\\xff\\xff0\\xc2%-\\xfc\\x7f\\x00\\x00p\\xb2\\x8e\\x8dg\\x02\\x00\\x00\\xed\\xb6\\x1eK\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 150
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8eb7c0"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\xf0\\xb8\\x8e\\x8dg\\x02\\x00\\x00\\x90\\xb6\\x8e\\x8dg\\x02\\x00\\x00\\x00\\xb9\\x8e\\x8dg\\x02\\x00\\x00\\xa0\\xb6\\x8e\\x8dg\\x02\\x00\\x00\\x10\\xb9\\x8e\\x8dg\\x02\\x00\\x00\\xb0\\xb6\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\x16(\\xfc\\x7f\\x00\\x00p\\x8c\\x18(\\xfc\\x7f\\x00\\x00\\x00\\xe0\t\\x00\\x00\\x00\\x00\\x00>\\x00@\\x00g\\x02\\x00\\x00@\\x9e\\x8e\\x8dg\\x02\\x00\\x00\\x16\\x00\\x18\\x00\\x00\\x00\\x00\\x00h\\x9e\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x0c\\x00\\x06\\x00\\x00\\x00\\x00\\xc3%-\\xfc\\x7f\\x00\\x00@\\xac\\x8e\\x8dg\\x02\\x00\\x006\\x88\\x10\\x16\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 151
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8eb8f0"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": " \\xba\\x8e\\x8dg\\x02\\x00\\x00\\xc0\\xb7\\x8e\\x8dg\\x02\\x00\\x000\\xba\\x8e\\x8dg\\x02\\x00\\x00\\xd0\\xb7\\x8e\\x8dg\\x02\\x00\\x00@\\xba\\x8e\\x8dg\\x02\\x00\\x00\\xe0\\xb7\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\x89\\x17\\xfc\\x7f\\x00\\x00\\xc0\\x16\\x89\\x17\\xfc\\x7f\\x00\\x00\\x00\\x90\\x01\\x00\\x00\\x00\\x00\\x00<\\x00>\\x00g\\x02\\x00\\x00\\x90\\x9e\\x8e\\x8dg\\x02\\x00\\x00\\x14\\x00\\x16\\x00\\x00\\x00\\x00\\x00\\xb8\\x9e\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x0c\\x00\\x06\\x00\\x00\\x00\\xc0\\xc2%-\\xfc\\x7f\\x00\\x00\\xc0\\xc2%-\\xfc\\x7f\\x00\\x00\\x1e\\xc3a\\x08\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 152
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8eba20"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "p\\xf3\\x8e\\x8dg\\x02\\x00\\x00\\xf0\\xb8\\x8e\\x8dg\\x02\\x00\\x00\\x80\\xf3\\x8e\\x8dg\\x02\\x00\\x00\\x00\\xb9\\x8e\\x8dg\\x02\\x00\\x00\\x90\\xf3\\x8e\\x8dg\\x02\\x00\\x00\\x10\\xb9\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00r\\x1c\\xfc\\x7f\\x00\\x00 Rs\\x1c\\xfc\\x7f\\x00\\x00\\x00P\t\\x00\\x00\\x00\\x00\\x00:\\x00<\\x00g\\x02\\x00\\x00\\x00\\xa2\\x8e\\x8dg\\x02\\x00\\x00\\x12\\x00\\x14\\x00\\x00\\x00\\x00\\x00(\\xa2\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x00\\x06\\x00\\xff\\xff0\\xfc\\x8e\\x8dg\\x02\\x00\\x00\\xf0\\xbc\\x8e\\x8dg\\x02\\x00\\x00}\\x0bF\r\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 153
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8ef370"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": " \\xfe\\x8e\\x8dg\\x02\\x00\\x00 \\xba\\x8e\\x8dg\\x02\\x00\\x000\\xfe\\x8e\\x8dg\\x02\\x00\\x000\\xba\\x8e\\x8dg\\x02\\x00\\x00@\\xfe\\x8e\\x8dg\\x02\\x00\\x00@\\xba\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00|\\x1c\\xfc\\x7f\\x00\\x00pR\\x80\\x1c\\xfc\\x7f\\x00\\x00\\x00\\xe0\\x1a\\x00\\x00\\x00\\x00\\x00:\\x00<\\x00g\\x02\\x00\\x00\\x00=\\x8f\\x8dg\\x02\\x00\\x00\\x12\\x00\\x14\\x00\\x00\\x00\\x00\\x00(=\\x8f\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x00\\x06\\x00\\xff\\xff\\xb0\\xc1%-\\xfc\\x7f\\x00\\x00\\xb0\\xc1%-\\xfc\\x7f\\x00\\x00n\\xea\\xab\\xed\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 154
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8efe20"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "P\\xff\\x8e\\x8dg\\x02\\x00\\x00p\\xf3\\x8e\\x8dg\\x02\\x00\\x00`\\xff\\x8e\\x8dg\\x02\\x00\\x00\\x80\\xf3\\x8e\\x8dg\\x02\\x00\\x00p\\xff\\x8e\\x8dg\\x02\\x00\\x00\\x90\\xf3\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\xcb\\x13\\xfc\\x7f\\x00\\x00P5\\xcb\\x13\\xfc\\x7f\\x00\\x00\\x00\\x90\\x04\\x00\\x00\\x00\\x00\\x006\\x008\\x00g\\x02\\x00\\x00\\xf0N\\x8f\\x8dg\\x02\\x00\\x00\\x0e\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x18O\\x8f\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x0c\\x00\\x06\\x00\\x00\\x00\\xa0\\xe5\\x8e\\x8dg\\x02\\x00\\x00\\xe0\\xc1%-\\xfc\\x7f\\x00\\x00v\\x0cU\\xc3\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 155
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8eff50"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "`\\xe6\\x8e\\x8dg\\x02\\x00\\x00 \\xfe\\x8e\\x8dg\\x02\\x00\\x00p\\xe6\\x8e\\x8dg\\x02\\x00\\x000\\xfe\\x8e\\x8dg\\x02\\x00\\x00\\x80\\xe6\\x8e\\x8dg\\x02\\x00\\x00@\\xfe\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\"$\\xfc\\x7f\\x00\\x00@\\x1a$$\\xfc\\x7f\\x00\\x00\\x00\\xb0\\x03\\x00\\x00\\x00\\x00\\x00<\\x00>\\x00g\\x02\\x00\\x00\\xf08\\x8f\\x8dg\\x02\\x00\\x00\\x14\\x00\\x16\\x00\\x00\\x00\\x00\\x00\\x189\\x8f\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x00\\x06\\x00\\xff\\xff\\xd0\\xc1%-\\xfc\\x7f\\x00\\x00\\xb0\\xc1\\x8e\\x8dg\\x02\\x00\\x00\\x0e\\x82\\xd7\\x1f\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 156
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8ee660"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\x80\\x00\\x8f\\x8dg\\x02\\x00\\x00P\\xff\\x8e\\x8dg\\x02\\x00\\x00\\x90\\x00\\x8f\\x8dg\\x02\\x00\\x00`\\xff\\x8e\\x8dg\\x02\\x00\\x00\\xa0\\x00\\x8f\\x8dg\\x02\\x00\\x00p\\xff\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\t)\\xfc\\x7f\\x00\\x00\\xc0d\\x0b)\\xfc\\x7f\\x00\\x00\\x000\\x0f\\x00\\x00\\x00\\x00\\x008\\x00:\\x00g\\x02\\x00\\x00pE\\x8f\\x8dg\\x02\\x00\\x00\\x10\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x98E\\x8f\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x0c\\x00\\x06\\x00\\x00\\x00`\\xfd\\x8e\\x8dg\\x02\\x00\\x00\\x00\\xc2%-\\xfc\\x7f\\x00\\x00k;\\xec\\xee\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 157
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8f0080"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\xf0\\xfc\\x8e\\x8dg\\x02\\x00\\x00`\\xe6\\x8e\\x8dg\\x02\\x00\\x00\\x00\\xfd\\x8e\\x8dg\\x02\\x00\\x00p\\xe6\\x8e\\x8dg\\x02\\x00\\x00\\xf0\\xc4%-\\xfc\\x7f\\x00\\x00\\x80\\xe6\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\xd7&\\xfc\\x7f\\x00\\x00\\xd0\\xc1\\xde&\\xfc\\x7f\\x00\\x00\\x000&\\x00\\x00\\x00\\x00\\x00:\\x00<\\x00\\xfc\\x7f\\x00\\x00\\x90>\\x8f\\x8dg\\x02\\x00\\x00\\x12\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\xb8>\\x8f\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x00\\x00\\x06\\x00\\x00\\x00\\xf0\\xc1%-\\xfc\\x7f\\x00\\x00p\\xaf\\x8e\\x8dg\\x02\\x00\\x00\\x07\\xae\\xaap\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 158
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2c06a553",
            "parentcaller": "0x7ffc26dec150",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 159
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2c06a553",
            "parentcaller": "0x7ffc26dec150",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\d3d11"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc26d70000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffc26dec1d0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 160
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2d15c2c7",
            "parentcaller": "0x7ffc2d15c05a",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\kernel.appcore"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc286b0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffc286b3f10"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 161
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3f3b",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xed18e87018"
              },
              {
                "name": "Size",
                "value": "0x00000008"
              },
              {
                "name": "Buffer",
                "value": "\\xc0\\xc4%-\\xfc\\x7f\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 162
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3f7a",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2d25c4e0"
              },
              {
                "name": "Size",
                "value": "0x00000008"
              },
              {
                "name": "Buffer",
                "value": "\\x90%\\x8e\\x8dg\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 163
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8e2580"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\xf0#\\x8e\\x8dg\\x02\\x00\\x00\\xd0\\xc4%-\\xfc\\x7f\\x00\\x00\\x00$\\x8e\\x8dg\\x02\\x00\\x00\\xe0\\xc4%-\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9e)\\xf7\\x7f\\x00\\x00\\xf0\\x00\\xa1)\\xf7\\x7f\\x00\\x00\\x00\\x00\\x13\\x00\\x00\\x00\\x00\\x00>\\x00@\\x00\\x00\\x00\\x00\\x00\\xf8!\\x8e\\x8dg\\x02\\x00\\x00\\x16\\x00\\x18\\x00\\x00\\x00\\x00\\x00 \"\\x8e\\x8dg\\x02\\x00\\x00\\xcc\\xa2\\x00\\x00\\xff\\xff\\xff\\xff\\x80Q\\x8e\\x8dg\\x02\\x00\\x00\\xb0\\xc2%-\\xfc\\x7f\\x00\\x00u\\x00|V\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 164
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8e23f0"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\x10+\\x8e\\x8dg\\x02\\x00\\x00\\x80%\\x8e\\x8dg\\x02\\x00\\x00 +\\x8e\\x8dg\\x02\\x00\\x00\\x90%\\x8e\\x8dg\\x02\\x00\\x00@1\\x8e\\x8dg\\x02\\x00\\x00\\xf0\\xc4%-\\xfc\\x7f\\x00\\x00\\x00\\x00\\x0f-\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x1f\\x00\\x00\\x00\\x00\\x00:\\x00<\\x00\\x00\\x00\\x00\\x00\\xf0\"\\x8e\\x8dg\\x02\\x00\\x00\\x12\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\xb0\\xd9!-\\xfc\\x7f\\x00\\x00\\xc4\\xa2\\x00\\x00\\xff\\xff\\x00\\x00\\x80\\xc2%-\\xfc\\x7f\\x00\\x00\\x80\\xc2%-\\xfc\\x7f\\x00\\x00o\\xaad\\x9b\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 165
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8e2b10"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": " 1\\x8e\\x8dg\\x02\\x00\\x00\\xf0#\\x8e\\x8dg\\x02\\x00\\x0001\\x8e\\x8dg\\x02\\x00\\x00\\x00$\\x8e\\x8dg\\x02\\x00\\x000Q\\x8e\\x8dg\\x02\\x00\\x00@1\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\xff,\\xfc\\x7f\\x00\\x00\\xe0s\\x00-\\xfc\\x7f\\x00\\x00\\x00\\xd0\\x0b\\x00\\x00\\x00\\x00\\x00@\\x00B\\x00\\x00\\x00\\x00\\x00\\xa0,\\x8e\\x8dg\\x02\\x00\\x00\\x18\\x00\\x1a\\x00\\x00\\x00\\x00\\x00\\xc8,\\x8e\\x8dg\\x02\\x00\\x00\\xcc\\xa2\\x0c\\x00\\xff\\xff\\x00\\x00`\\xc2%-\\xfc\\x7f\\x00\\x00`\\xc2%-\\xfc\\x7f\\x00\\x00'\\xda\\xc9\\x9e\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 166
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8e3120"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "0M\\x8e\\x8dg\\x02\\x00\\x00\\x10+\\x8e\\x8dg\\x02\\x00\\x00@M\\x8e\\x8dg\\x02\\x00\\x00 +\\x8e\\x8dg\\x02\\x00\\x000+\\x8e\\x8dg\\x02\\x00\\x00\\x10$\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\xd5*\\xfc\\x7f\\x00\\x00\\xb0g\\xd6*\\xfc\\x7f\\x00\\x00\\x00`/\\x00\\x00\\x00\\x00\\x00D\\x00F\\x00\\x00\\x00\\x00\\x00\\xb02\\x8e\\x8dg\\x02\\x00\\x00\\x1c\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\xd82\\x8e\\x8dg\\x02\\x00\\x00\\xcc\\xa2\\x08\\x00\\xff\\xff\\xff\\xff\\x80\\xc1%-\\xfc\\x7f\\x00\\x00\\x80\\xc1%-\\xfc\\x7f\\x00\\x00\\x12\\x8f\\x0f\\xd8\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 167
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8e4d30"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\x10Q\\x8e\\x8dg\\x02\\x00\\x00 1\\x8e\\x8dg\\x02\\x00\\x00 Q\\x8e\\x8dg\\x02\\x00\\x0001\\x8e\\x8dg\\x02\\x00\\x00\\xe0X\\x8e\\x8dg\\x02\\x00\\x000Q\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\x99*\\xfc\\x7f\\x00\\x00\\xb0\\xfa\\x9d*\\xfc\\x7f\\x00\\x00\\x00\\xd0\\x15\\x00\\x00\\x00\\x00\\x00>\\x00@\\x00\\x00\\x00\\x00\\x00`N\\x8e\\x8dg\\x02\\x00\\x00\\x16\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x88N\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x00\\x06\\x00\\xff\\xff0Y\\x8e\\x8dg\\x02\\x00\\x00p\\xc1%-\\xfc\\x7f\\x00\\x00Yo\\xd4\\xce\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 168
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8e5110"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\xd0T\\x8e\\x8dg\\x02\\x00\\x000M\\x8e\\x8dg\\x02\\x00\\x00\\xe0T\\x8e\\x8dg\\x02\\x00\\x00@M\\x8e\\x8dg\\x02\\x00\\x00PM\\x8e\\x8dg\\x02\\x00\\x000+\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\xaf*\\xfc\\x7f\\x00\\x00\\x10a\\xb0*\\xfc\\x7f\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00@\\x00B\\x00\\x00\\x00\\x00\\x00\\xa0R\\x8e\\x8dg\\x02\\x00\\x00\\x18\\x00\\x1a\\x00\\x00\\x00\\x00\\x00\\xc8R\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x00\\x06\\x00\\x00\\x00\\xb0\\xc2%-\\xfc\\x7f\\x00\\x00\\xf0%\\x8e\\x8dg\\x02\\x00\\x00\\x89]\\xcf\\x81\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 169
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8e54d0"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\xc0X\\x8e\\x8dg\\x02\\x00\\x00\\x10Q\\x8e\\x8dg\\x02\\x00\\x00\\xd0X\\x8e\\x8dg\\x02\\x00\\x00 Q\\x8e\\x8dg\\x02\\x00\\x00\\x00a\\x8e\\x8dg\\x02\\x00\\x00\\xe0X\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\xf8,\\xfc\\x7f\\x00\\x00\\x00C\\xf9,\\xfc\\x7f\\x00\\x00\\x00\\xb0\\x06\\x00\\x00\\x00\\x00\\x00<\\x00>\\x00\\x00\\x00\\x00\\x00`V\\x8e\\x8dg\\x02\\x00\\x00\\x14\\x00\\x16\\x00\\x00\\x00\\x00\\x00\\x88V\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x00\\x06\\x00\\x00\\x00p\\xf7\\x8e\\x8dg\\x02\\x00\\x00 \\xc3%-\\xfc\\x7f\\x00\\x00\\xbc1\rz\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 170
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8e58c0"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\xa0\\\\x8e\\x8dg\\x02\\x00\\x00\\xd0T\\x8e\\x8dg\\x02\\x00\\x00\\xb0\\\\x8e\\x8dg\\x02\\x00\\x00\\xe0T\\x8e\\x8dg\\x02\\x00\\x00\\xf0T\\x8e\\x8dg\\x02\\x00\\x00PM\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00T,\\xfc\\x7f\\x00\\x00\\x80\\xe1Y,\\xfc\\x7f\\x00\\x00\\x00`\\x12\\x00\\x00\\x00\\x00\\x00<\\x00>\\x00\\x00\\x00\\x00\\x00PZ\\x8e\\x8dg\\x02\\x00\\x00\\x14\\x00\\x16\\x00\\x00\\x00\\x00\\x00xZ\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x00\\x06\\x00\\x00\\x00p\\xc1%-\\xfc\\x7f\\x00\\x00\\xa0M\\x8e\\x8dg\\x02\\x00\\x00\\x0f\\xf4P\\xa2\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 171
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8e5ca0"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\xe0`\\x8e\\x8dg\\x02\\x00\\x00\\xc0X\\x8e\\x8dg\\x02\\x00\\x00\\xf0`\\x8e\\x8dg\\x02\\x00\\x00\\xd0X\\x8e\\x8dg\\x02\\x00\\x00 \\xf7\\x8e\\x8dg\\x02\\x00\\x00\\xf0c\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00|,\\xfc\\x7f\\x00\\x00`\\x7f},\\xfc\\x7f\\x00\\x00\\x00\\xe0\\x19\\x00\\x00\\x00\\x00\\x00<\\x00>\\x00\\x00\\x00\\x00\\x000^\\x8e\\x8dg\\x02\\x00\\x00\\x14\\x00\\x16\\x00\\x00\\x00\\x00\\x00X^\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x0c\\x00\\x06\\x00\\x00\\x00@\\xc1%-\\xfc\\x7f\\x00\\x00@\\xc1%-\\xfc\\x7f\\x00\\x00\\x19t\\xe4\\x12\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 172
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8e60e0"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\xd0c\\x8e\\x8dg\\x02\\x00\\x00\\xa0\\\\x8e\\x8dg\\x02\\x00\\x00\\xe0c\\x8e\\x8dg\\x02\\x00\\x00\\xb0\\\\x8e\\x8dg\\x02\\x00\\x000\\x90\\x8e\\x8dg\\x02\\x00\\x00\\xf0T\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\xd2*\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00<\\x00>\\x00\\x00\\x00\\x00\\x00pb\\x8e\\x8dg\\x02\\x00\\x00\\x14\\x00\\x16\\x00\\x00\\x00\\x00\\x00\\x98b\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x00\\x06\\x00\\x00\\x00\\xf0\\x8b\\x8e\\x8dg\\x02\\x00\\x00@\\xc2%-\\xfc\\x7f\\x00\\x00\\x13\\x02\\xcd\r\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 173
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8e63d0"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\x80\\x8b\\x8e\\x8dg\\x02\\x00\\x00\\xe0`\\x8e\\x8dg\\x02\\x00\\x00\\x90\\x8b\\x8e\\x8dg\\x02\\x00\\x00\\xf0`\\x8e\\x8dg\\x02\\x00\\x00\\xc0\\\\x8e\\x8dg\\x02\\x00\\x00\\xa0\\x8b\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\xb5,\\xfc\\x7f\\x00\\x00`I\\xb5,\\xfc\\x7f\\x00\\x00\\x00\\xc0\\x02\\x00\\x00\\x00\\x00\\x00:\\x00<\\x00\\x00\\x00\\x00\\x00`e\\x8e\\x8dg\\x02\\x00\\x00\\x12\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x88e\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x0c\\x00\\x06\\x00\\x00\\x00P\\xc1%-\\xfc\\x7f\\x00\\x00P\\xc1%-\\xfc\\x7f\\x00\\x00\\xb5\\xf0\\x86p\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 174
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8e8b80"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x90\\x8e\\x8dg\\x02\\x00\\x00\\xd0c\\x8e\\x8dg\\x02\\x00\\x00 \\x90\\x8e\\x8dg\\x02\\x00\\x00\\xe0c\\x8e\\x8dg\\x02\\x00\\x00\\xf0c\\x8e\\x8dg\\x02\\x00\\x000\\x90\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\x87*\\xfc\\x7f\\x00\\x00\\x90\\x17\\x8a*\\xfc\\x7f\\x00\\x00\\x00\\xa0\\x11\\x00\\x00\\x00\\x00\\x00B\\x00D\\x00\\x00\\x00\\x00\\x00\\x10\\x8d\\x8e\\x8dg\\x02\\x00\\x00\\x1a\\x00\\x1c\\x00\\x00\\x00\\x00\\x008\\x8d\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x00\\x06\\x00\\x00\\x00\\x80\\x90\\x8e\\x8dg\\x02\\x00\\x00Pa\\x8e\\x8dg\\x02\\x00\\x00<\\xa0\\x89\\xf1\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 175
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8e9010"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\xd0\\xab\\x8e\\x8dg\\x02\\x00\\x00\\x80\\x8b\\x8e\\x8dg\\x02\\x00\\x00\\xe0\\xab\\x8e\\x8dg\\x02\\x00\\x00\\x90\\x8b\\x8e\\x8dg\\x02\\x00\\x00\\xa0\\x8b\\x8e\\x8dg\\x02\\x00\\x00\\x00a\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00}*\\xfc\\x7f\\x00\\x00\\x90S~*\\xfc\\x7f\\x00\\x00\\x00\\xd0\t\\x00\\x00\\x00\\x00\\x00B\\x00D\\x00\\x00\\x00\\x00\\x00\\xa0\\x9d\\x8e\\x8dg\\x02\\x00\\x00\\x1a\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\xc8\\x9d\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x0c\\x00\\x06\\x00\\x00\\x00P\\xbf\\x8e\\x8dg\\x02\\x00\\x00\\xf0\\x8b\\x8e\\x8dg\\x02\\x00\\x00\\xcf\\%9\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 176
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8eabd0"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\xaf\\x8e\\x8dg\\x02\\x00\\x00\\x10\\x90\\x8e\\x8dg\\x02\\x00\\x00\\x10\\xaf\\x8e\\x8dg\\x02\\x00\\x00 \\x90\\x8e\\x8dg\\x02\\x00\\x00\\xa0\\xbc\\x8e\\x8dg\\x02\\x00\\x00 \\xb2\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\xed,\\xfc\\x7f\\x00\\x00`X\\xee,\\xfc\\x7f\\x00\\x00\\x00\\xf0\n\\x00\\x00\\x00\\x00\\x00@\\x00B\\x00\\x00\\x00\\x00\\x000\\x9f\\x8e\\x8dg\\x02\\x00\\x00\\x18\\x00\\x1a\\x00\\x00\\x00\\x00\\x00X\\x9f\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x00\\x06\\x00\\x00\\x000\\xb8\\x8e\\x8dg\\x02\\x00\\x00\\x00\\xc3%-\\xfc\\x7f\\x00\\x00\\xef\\x1f\\x17#\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 177
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8eaf00"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\xb2\\x8e\\x8dg\\x02\\x00\\x00\\xd0\\xab\\x8e\\x8dg\\x02\\x00\\x00\\x10\\xb2\\x8e\\x8dg\\x02\\x00\\x00\\xe0\\xab\\x8e\\x8dg\\x02\\x00\\x00 \\xb2\\x8e\\x8dg\\x02\\x00\\x00 \\xf7\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\x03,\\xfc\\x7f\\x00\\x00Px\\x03,\\xfc\\x7f\\x00\\x00\\x00\\xe0\t\\x00\\x00\\x00\\x00\\x00<\\x00>\\x00\\x00\\x00\\x00\\x00\\x80\\x9f\\x8e\\x8dg\\x02\\x00\\x00\\x14\\x00\\x16\\x00\\x00\\x00\\x00\\x00\\xa8\\x9f\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x00\\x06\\x00\\xff\\xff\\xf0\\x00\\x8f\\x8dg\\x02\\x00\\x00\\xf0\\xc1%-\\xfc\\x7f\\x00\\x00\\x04\\x0e\\xf6\\x9b\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 178
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8eb200"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\x80\\xbc\\x8e\\x8dg\\x02\\x00\\x00\\x00\\xaf\\x8e\\x8dg\\x02\\x00\\x00\\x90\\xbc\\x8e\\x8dg\\x02\\x00\\x00\\x10\\xaf\\x8e\\x8dg\\x02\\x00\\x00\\xf0\\xab\\x8e\\x8dg\\x02\\x00\\x00 \\xaf\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\xf9+\\xfc\\x7f\\x00\\x00p\\xce\\xfa+\\xfc\\x7f\\x00\\x00\\x00\\xc0\t\\x00\\x00\\x00\\x00\\x00>\\x00@\\x00\\x00\\x00\\x00\\x00\\xc0\\xa0\\x8e\\x8dg\\x02\\x00\\x00\\x16\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\xe8\\xa0\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x0c\\x00\\x06\\x00\\x00\\x00\\x00\\xb7\\x8e\\x8dg\\x02\\x00\\x000\\xc2%-\\xfc\\x7f\\x00\\x00\\x9a\\xb6\\xfa\\x9d\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 179
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8ebc80"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\xa0\\xc3\\x8e\\x8dg\\x02\\x00\\x00\\x00\\xb2\\x8e\\x8dg\\x02\\x00\\x00\\xb0\\xc3\\x8e\\x8dg\\x02\\x00\\x00\\x10\\xb2\\x8e\\x8dg\\x02\\x00\\x00\\xd0\\xbd\\x8e\\x8dg\\x02\\x00\\x00\\xf0\\xab\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\x84+\\xfc\\x7f\\x00\\x00\\x80\\x12\\x95+\\xfc\\x7f\\x00\\x00\\x00Pt\\x00\\x00\\x00\\x00\\x00>\\x00@\\x00\\x00\\x00\\x00\\x00\\xd0\\x9f\\x8e\\x8dg\\x02\\x00\\x00\\x16\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\xf8\\x9f\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x00\\x06\\x00\\xff\\xff\\x90\\xba\\x8e\\x8dg\\x02\\x00\\x00\\x90\\xc1%-\\xfc\\x7f\\x00\\x00CA\\xda\\xc3\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 180
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8ec3a0"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\xb0\\xbd\\x8e\\x8dg\\x02\\x00\\x00\\x80\\xbc\\x8e\\x8dg\\x02\\x00\\x00\\xc0\\xbd\\x8e\\x8dg\\x02\\x00\\x00\\x90\\xbc\\x8e\\x8dg\\x02\\x00\\x00p\\xbb\\x8e\\x8dg\\x02\\x00\\x00\\xd0\\xbd\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00h,\\xfc\\x7f\\x00\\x00\\xb0ej,\\xfc\\x7f\\x00\\x00\\x00\\xb0\\x12\\x00\\x00\\x00\\x00\\x00:\\x00<\\x00\\x00\\x00\\x00\\x00\\xe0\\x9e\\x8e\\x8dg\\x02\\x00\\x00\\x12\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x08\\x9f\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x00\\x06\\x00\\xff\\xff@\\xe3\\x8e\\x8dg\\x02\\x00\\x00\\x10\\xc3%-\\xfc\\x7f\\x00\\x00\\xb5}]\\xc1\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 181
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8ebdb0"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "P\\xbb\\x8e\\x8dg\\x02\\x00\\x00\\xa0\\xc3\\x8e\\x8dg\\x02\\x00\\x00`\\xbb\\x8e\\x8dg\\x02\\x00\\x00\\xb0\\xc3\\x8e\\x8dg\\x02\\x00\\x00\\xc0\\xc3\\x8e\\x8dg\\x02\\x00\\x00\\xa0\\xbc\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00@+\\xfc\\x7f\\x00\\x00\\xf0IO+\\xfc\\x7f\\x00\\x00\\x00@5\\x00\\x00\\x00\\x00\\x00>\\x00@\\x00\\x00\\x00\\x00\\x00 \\xa0\\x8e\\x8dg\\x02\\x00\\x00\\x16\\x00\\x18\\x00\\x00\\x00\\x00\\x00H\\xa0\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x00\\x06\\x00\\xff\\xff\\xc0\\xc1%-\\xfc\\x7f\\x00\\x00\\xc0\\xc1%-\\xfc\\x7f\\x00\\x00=}>a\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 182
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8ebb50"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\xe0\\xbe\\x8e\\x8dg\\x02\\x00\\x00\\xb0\\xbd\\x8e\\x8dg\\x02\\x00\\x00\\xf0\\xbe\\x8e\\x8dg\\x02\\x00\\x00\\xc0\\xbd\\x8e\\x8dg\\x02\\x00\\x00\\x00\\xbf\\x8e\\x8dg\\x02\\x00\\x00\\xc0\\xc3\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\xa7,\\xfc\\x7f\\x00\\x00P\\xe7\\xa8,\\xfc\\x7f\\x00\\x00\\x00\\xd0\\x0c\\x00\\x00\\x00\\x00\\x00@\\x00B\\x00\\x00\\x00\\x00\\x00P\\xa2\\x8e\\x8dg\\x02\\x00\\x00\\x18\\x00\\x1a\\x00\\x00\\x00\\x00\\x00x\\xa2\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x00\\x06\\x00\\xff\\xff\\x00\\xe8\\x8e\\x8dg\\x02\\x00\\x00\\x10\\xc2%-\\xfc\\x7f\\x00\\x00\\xf1\\xdf.\\xd4\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 183
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8ebee0"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\xc0\\x8e\\x8dg\\x02\\x00\\x00P\\xbb\\x8e\\x8dg\\x02\\x00\\x00 \\xc0\\x8e\\x8dg\\x02\\x00\\x00`\\xbb\\x8e\\x8dg\\x02\\x00\\x000\\xc0\\x8e\\x8dg\\x02\\x00\\x00p\\xbb\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00 +\\xfc\\x7f\\x00\\x00\\xa0\\xa7 +\\xfc\\x7f\\x00\\x00\\x00P\\x05\\x00\\x00\\x00\\x00\\x00>\\x00@\\x00\\x00\\x00\\x00\\x00\\xa0\\xa2\\x8e\\x8dg\\x02\\x00\\x00\\x16\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\xc8\\xa2\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x0c\\x00\\x06\\x00\\x00\\x00@\\xc2%-\\xfc\\x7f\\x00\\x00\\x80\\x90\\x8e\\x8dg\\x02\\x00\\x00S\\xbe\\xd5!\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 184
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8ec010"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "p\\xc2\\x8e\\x8dg\\x02\\x00\\x00\\xe0\\xbe\\x8e\\x8dg\\x02\\x00\\x00\\x80\\xc2\\x8e\\x8dg\\x02\\x00\\x00\\xf0\\xbe\\x8e\\x8dg\\x02\\x00\\x00\\x10\\xea\\x8e\\x8dg\\x02\\x00\\x00\\x00\\xbf\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\xbf*\\xfc\\x7f\\x00\\x00\\xf0\\x90\\xbf*\\xfc\\x7f\\x00\\x00\\x00p\\x02\\x00\\x00\\x00\\x00\\x00<\\x00>\\x00\\x00\\x00\\x00\\x00\\xb0\\xa1\\x8e\\x8dg\\x02\\x00\\x00\\x14\\x00\\x16\\x00\\x00\\x00\\x00\\x00\\xd8\\xa1\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x0c\\x00\\x06\\x00\\x00\\x00`\\xc1%-\\xfc\\x7f\\x00\\x00`\\xc1%-\\xfc\\x7f\\x00\\x00C\\xb9#\\x97\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 185
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8ec270"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\xe4\\x8e\\x8dg\\x02\\x00\\x00\\x10\\xc0\\x8e\\x8dg\\x02\\x00\\x00\\x10\\xe4\\x8e\\x8dg\\x02\\x00\\x00 \\xc0\\x8e\\x8dg\\x02\\x00\\x00\\xb0\\xb6\\x8e\\x8dg\\x02\\x00\\x00\\xb0\\xe7\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00{,\\xfc\\x7f\\x00\\x00\\xf0\"{,\\xfc\\x7f\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x006\\x008\\x00\\x00\\x00\\x00\\x00\\xa0\\xdb\\x8e\\x8dg\\x02\\x00\\x00\\x0e\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\xc8\\xdb\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x0c\\x00\\x06\\x00\\x00\\x00\\xe0\\xc2%-\\xfc\\x7f\\x00\\x00\\xe0\\xc2%-\\xfc\\x7f\\x00\\x00@\\xe2\\xe3o\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 186
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8ee400"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "P\\xec\\x8e\\x8dg\\x02\\x00\\x00p\\xc2\\x8e\\x8dg\\x02\\x00\\x00`\\xec\\x8e\\x8dg\\x02\\x00\\x00\\x80\\xc2\\x8e\\x8dg\\x02\\x00\\x00`\\xc1\\x8e\\x8dg\\x02\\x00\\x00p\\xec\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\r,\\xfc\\x7f\\x00\\x00\\xa04\\x0f,\\xfc\\x7f\\x00\\x00\\x00\\xe0F\\x00\\x00\\x00\\x00\\x00@\\x00B\\x00\\x00\\x00\\x00\\x00\\xf0\\xa2\\x8e\\x8dg\\x02\\x00\\x00\\x18\\x00\\x1a\\x00\\x00\\x00\\x00\\x00\\x18\\xa3\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x00\\x06\\x00\\x00\\x00p\\xc2%-\\xfc\\x7f\\x00\\x00p\\xc2%-\\xfc\\x7f\\x00\\x00\"%\\x88W\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 187
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8eec50"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "@\\xc1\\x8e\\x8dg\\x02\\x00\\x00\\x00\\xe4\\x8e\\x8dg\\x02\\x00\\x00P\\xc1\\x8e\\x8dg\\x02\\x00\\x00\\x10\\xe4\\x8e\\x8dg\\x02\\x00\\x00 \\xe4\\x8e\\x8dg\\x02\\x00\\x00P\\xe5\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\xcd*\\xfc\\x7f\\x00\\x00P7\\xce*\\xfc\\x7f\\x00\\x00\\x00\\xe0\\x04\\x00\\x00\\x00\\x00\\x00@\\x00B\\x00\\x00\\x00\\x00\\x00\\x80\\xa4\\x8e\\x8dg\\x02\\x00\\x00\\x18\\x00\\x1a\\x00\\x00\\x00\\x00\\x00\\xa8\\xa4\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x0c\\x00\\x06\\x00\\x00\\x00\\xb0\\xc1\\x8e\\x8dg\\x02\\x00\\x00\\xd0\\xc1%-\\xfc\\x7f\\x00\\x00]\\x81\\xde\\x1e\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 188
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8ec140"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\x90\\xb6\\x8e\\x8dg\\x02\\x00\\x00P\\xec\\x8e\\x8dg\\x02\\x00\\x00\\xa0\\xb6\\x8e\\x8dg\\x02\\x00\\x00`\\xec\\x8e\\x8dg\\x02\\x00\\x00\\xb0\\xe7\\x8e\\x8dg\\x02\\x00\\x00 \\xe4\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00c*\\xfc\\x7f\\x00\\x00\\x804c*\\xfc\\x7f\\x00\\x00\\x00\\xb0\\x04\\x00\\x00\\x00\\x00\\x00@\\x00B\\x00\\x00\\x00\\x00\\x00`\\xa1\\x8e\\x8dg\\x02\\x00\\x00\\x18\\x00\\x1a\\x00\\x00\\x00\\x00\\x00\\x88\\xa1\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x0c\\x00\\x06\\x00\\x00\\x00\\xc0\\xff\\x8e\\x8dg\\x02\\x00\\x00\\xc0\\xec\\x8e\\x8dg\\x02\\x00\\x00\\x08\\x95\\x19\\x06\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 189
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8eb690"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\xc0\\xb7\\x8e\\x8dg\\x02\\x00\\x00@\\xc1\\x8e\\x8dg\\x02\\x00\\x00\\xd0\\xb7\\x8e\\x8dg\\x02\\x00\\x00P\\xc1\\x8e\\x8dg\\x02\\x00\\x00\\xe0\\xb7\\x8e\\x8dg\\x02\\x00\\x00\\x90\\xc2\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\x1f\\x17\\xfc\\x7f\\x00\\x00p\\x9e(\\x17\\xfc\\x7f\\x00\\x00\\x00\\xa0)\\x00\\x00\\x00\\x00\\x00\\xf8\\x00\\xfa\\x00\\x00\\x00\\x00\\x00\\xb0'\\x8f\\x8dg\\x02\\x00\\x00\\x18\\x00\\x1a\\x00\\x00\\x00\\x00\\x00\\x90(\\x8f\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x10\\x06\\x00\\xff\\xff0\\xc2%-\\xfc\\x7f\\x00\\x00p\\xb2\\x8e\\x8dg\\x02\\x00\\x00\\xed\\xb6\\x1eK\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 190
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8eb7c0"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\xf0\\xb8\\x8e\\x8dg\\x02\\x00\\x00\\x90\\xb6\\x8e\\x8dg\\x02\\x00\\x00\\x00\\xb9\\x8e\\x8dg\\x02\\x00\\x00\\xa0\\xb6\\x8e\\x8dg\\x02\\x00\\x00\\x10\\xb9\\x8e\\x8dg\\x02\\x00\\x00\\xb0\\xb6\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\x16(\\xfc\\x7f\\x00\\x00p\\x8c\\x18(\\xfc\\x7f\\x00\\x00\\x00\\xe0\t\\x00\\x00\\x00\\x00\\x00>\\x00@\\x00g\\x02\\x00\\x00@\\x9e\\x8e\\x8dg\\x02\\x00\\x00\\x16\\x00\\x18\\x00\\x00\\x00\\x00\\x00h\\x9e\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x0c\\x00\\x06\\x00\\x00\\x00\\x00\\xc3%-\\xfc\\x7f\\x00\\x00@\\xac\\x8e\\x8dg\\x02\\x00\\x006\\x88\\x10\\x16\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 191
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8eb8f0"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": " \\xba\\x8e\\x8dg\\x02\\x00\\x00\\xc0\\xb7\\x8e\\x8dg\\x02\\x00\\x000\\xba\\x8e\\x8dg\\x02\\x00\\x00\\xd0\\xb7\\x8e\\x8dg\\x02\\x00\\x00@\\xba\\x8e\\x8dg\\x02\\x00\\x00\\xe0\\xb7\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\x89\\x17\\xfc\\x7f\\x00\\x00\\xc0\\x16\\x89\\x17\\xfc\\x7f\\x00\\x00\\x00\\x90\\x01\\x00\\x00\\x00\\x00\\x00<\\x00>\\x00g\\x02\\x00\\x00\\x90\\x9e\\x8e\\x8dg\\x02\\x00\\x00\\x14\\x00\\x16\\x00\\x00\\x00\\x00\\x00\\xb8\\x9e\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x0c\\x00\\x06\\x00\\x00\\x00\\xc0\\xc2%-\\xfc\\x7f\\x00\\x00\\xc0\\xc2%-\\xfc\\x7f\\x00\\x00\\x1e\\xc3a\\x08\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 192
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8eba20"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "p\\xf3\\x8e\\x8dg\\x02\\x00\\x00\\xf0\\xb8\\x8e\\x8dg\\x02\\x00\\x00\\x80\\xf3\\x8e\\x8dg\\x02\\x00\\x00\\x00\\xb9\\x8e\\x8dg\\x02\\x00\\x00\\x90\\xf3\\x8e\\x8dg\\x02\\x00\\x00\\x10\\xb9\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00r\\x1c\\xfc\\x7f\\x00\\x00 Rs\\x1c\\xfc\\x7f\\x00\\x00\\x00P\t\\x00\\x00\\x00\\x00\\x00:\\x00<\\x00g\\x02\\x00\\x00\\x00\\xa2\\x8e\\x8dg\\x02\\x00\\x00\\x12\\x00\\x14\\x00\\x00\\x00\\x00\\x00(\\xa2\\x8e\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x00\\x06\\x00\\xff\\xff0\\xfc\\x8e\\x8dg\\x02\\x00\\x00\\xf0\\xbc\\x8e\\x8dg\\x02\\x00\\x00}\\x0bF\r\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 193
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8ef370"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": " \\xfe\\x8e\\x8dg\\x02\\x00\\x00 \\xba\\x8e\\x8dg\\x02\\x00\\x000\\xfe\\x8e\\x8dg\\x02\\x00\\x000\\xba\\x8e\\x8dg\\x02\\x00\\x00@\\xfe\\x8e\\x8dg\\x02\\x00\\x00@\\xba\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00|\\x1c\\xfc\\x7f\\x00\\x00pR\\x80\\x1c\\xfc\\x7f\\x00\\x00\\x00\\xe0\\x1a\\x00\\x00\\x00\\x00\\x00:\\x00<\\x00g\\x02\\x00\\x00\\x00=\\x8f\\x8dg\\x02\\x00\\x00\\x12\\x00\\x14\\x00\\x00\\x00\\x00\\x00(=\\x8f\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x00\\x06\\x00\\xff\\xff\\xb0\\xc1%-\\xfc\\x7f\\x00\\x00\\xb0\\xc1%-\\xfc\\x7f\\x00\\x00n\\xea\\xab\\xed\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 194
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8efe20"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "P\\xff\\x8e\\x8dg\\x02\\x00\\x00p\\xf3\\x8e\\x8dg\\x02\\x00\\x00`\\xff\\x8e\\x8dg\\x02\\x00\\x00\\x80\\xf3\\x8e\\x8dg\\x02\\x00\\x00p\\xff\\x8e\\x8dg\\x02\\x00\\x00\\x90\\xf3\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\xcb\\x13\\xfc\\x7f\\x00\\x00P5\\xcb\\x13\\xfc\\x7f\\x00\\x00\\x00\\x90\\x04\\x00\\x00\\x00\\x00\\x006\\x008\\x00g\\x02\\x00\\x00\\xf0N\\x8f\\x8dg\\x02\\x00\\x00\\x0e\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x18O\\x8f\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x0c\\x00\\x06\\x00\\x00\\x00\\xa0\\xe5\\x8e\\x8dg\\x02\\x00\\x00\\xe0\\xc1%-\\xfc\\x7f\\x00\\x00v\\x0cU\\xc3\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 195
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8eff50"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "`\\xe6\\x8e\\x8dg\\x02\\x00\\x00 \\xfe\\x8e\\x8dg\\x02\\x00\\x00p\\xe6\\x8e\\x8dg\\x02\\x00\\x000\\xfe\\x8e\\x8dg\\x02\\x00\\x00\\x80\\xe6\\x8e\\x8dg\\x02\\x00\\x00@\\xfe\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\"$\\xfc\\x7f\\x00\\x00@\\x1a$$\\xfc\\x7f\\x00\\x00\\x00\\xb0\\x03\\x00\\x00\\x00\\x00\\x00<\\x00>\\x00g\\x02\\x00\\x00\\xf08\\x8f\\x8dg\\x02\\x00\\x00\\x14\\x00\\x16\\x00\\x00\\x00\\x00\\x00\\x189\\x8f\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x08\\x00\\x06\\x00\\xff\\xff\\xd0\\xc1%-\\xfc\\x7f\\x00\\x00\\xb0\\xc1\\x8e\\x8dg\\x02\\x00\\x00\\x0e\\x82\\xd7\\x1f\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 196
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8ee660"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\x80\\x00\\x8f\\x8dg\\x02\\x00\\x00P\\xff\\x8e\\x8dg\\x02\\x00\\x00\\x90\\x00\\x8f\\x8dg\\x02\\x00\\x00`\\xff\\x8e\\x8dg\\x02\\x00\\x00\\xa0\\x00\\x8f\\x8dg\\x02\\x00\\x00p\\xff\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\t)\\xfc\\x7f\\x00\\x00\\xc0d\\x0b)\\xfc\\x7f\\x00\\x00\\x000\\x0f\\x00\\x00\\x00\\x00\\x008\\x00:\\x00g\\x02\\x00\\x00pE\\x8f\\x8dg\\x02\\x00\\x00\\x10\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x98E\\x8f\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x0c\\x00\\x06\\x00\\x00\\x00`\\xfd\\x8e\\x8dg\\x02\\x00\\x00\\x00\\xc2%-\\xfc\\x7f\\x00\\x00k;\\xec\\xee\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 197
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8f0080"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "\\xf0\\xfc\\x8e\\x8dg\\x02\\x00\\x00`\\xe6\\x8e\\x8dg\\x02\\x00\\x00\\x00\\xfd\\x8e\\x8dg\\x02\\x00\\x00p\\xe6\\x8e\\x8dg\\x02\\x00\\x00\\xe0\\xfb\\x8e\\x8dg\\x02\\x00\\x00\\x80\\xe6\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\\xd7&\\xfc\\x7f\\x00\\x00\\xd0\\xc1\\xde&\\xfc\\x7f\\x00\\x00\\x000&\\x00\\x00\\x00\\x00\\x00:\\x00<\\x00\\xfc\\x7f\\x00\\x00\\x90>\\x8f\\x8dg\\x02\\x00\\x00\\x12\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\xb8>\\x8f\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x0c\\x00\\x06\\x00\\x00\\x00\\xf0\\xc1%-\\xfc\\x7f\\x00\\x00p\\xaf\\x8e\\x8dg\\x02\\x00\\x00\\x07\\xae\\xaap\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 198
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ada3fbc",
            "parentcaller": "0x7ffc2ada3c79",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d8efcf0"
              },
              {
                "name": "Size",
                "value": "0x00000088"
              },
              {
                "name": "Buffer",
                "value": "0\\xe5\\x8e\\x8dg\\x02\\x00\\x00\\x80\\x00\\x8f\\x8dg\\x02\\x00\\x00@\\xe5\\x8e\\x8dg\\x02\\x00\\x00\\x90\\x00\\x8f\\x8dg\\x02\\x00\\x00\\xf0\\xc4%-\\xfc\\x7f\\x00\\x00\\xe0\\xfb\\x8e\\x8dg\\x02\\x00\\x00\\x00\\x00\"\\x15\\xfc\\x7f\\x00\\x000{\"\\x15\\xfc\\x7f\\x00\\x00\\x00`\\x02\\x00\\x00\\x00\\x00\\x00:\\x00<\\x00\\xfc\\x7f\\x00\\x00\\xa0=\\x8f\\x8dg\\x02\\x00\\x00\\x12\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\xc8=\\x8f\\x8dg\\x02\\x00\\x00\\xec\\xa2\\x00\\x00\\x06\\x00\\xff\\xff\\x00\\xc2%-\\xfc\\x7f\\x00\\x00\\xd0\\xe6\\x8e\\x8dg\\x02\\x00\\x00\\xe0\\x01\\xa9T\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 199
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ad7e76a",
            "parentcaller": "0x7ffc15222b64",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              }
            ],
            "repeated": 0,
            "id": 200
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc1522291e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d0f93b0"
              }
            ],
            "repeated": 0,
            "id": 201
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc15222a4d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d18fc40"
              }
            ],
            "repeated": 0,
            "id": 202
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc15222ac5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d132460"
              }
            ],
            "repeated": 0,
            "id": 203
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc152228ca",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d16fa30"
              }
            ],
            "repeated": 0,
            "id": 204
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc15222703",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d14cbd0"
              }
            ],
            "repeated": 0,
            "id": 205
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc15222867",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d153410"
              }
            ],
            "repeated": 0,
            "id": 206
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ad7ed78",
            "parentcaller": "0x7ffc15224b66",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000026c"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:14276:304:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 207
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc15225002",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000026c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 208
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc15224eb9",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 209
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc15224eb9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000270"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 210
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc15224eb9",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 211
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc15224eb9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000274"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 212
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc152271bb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000274"
              }
            ],
            "repeated": 0,
            "id": 213
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc152271bb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000270"
              }
            ],
            "repeated": 0,
            "id": 214
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ad7dd5d",
            "parentcaller": "0x7ffc15227213",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000026c"
              }
            ],
            "repeated": 0,
            "id": 215
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc152271bb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000026c"
              }
            ],
            "repeated": 0,
            "id": 216
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc15226141",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "taskmgr.exe"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "FunctionName",
                "value": "D3D12SDKVersion"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 217
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc15226141",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\D3D12"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc15220000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffc15227b30"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 218
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x7ffc2d16507d",
            "parentcaller": "0x7ffc2d164c43",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 219
          },
          {
            "timestamp": "2026-05-28 21:43:59,197",
            "thread_id": "14212",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff729a100f0"
              },
              {
                "name": "Parameter",
                "value": "0xed18e87000"
              }
            ],
            "repeated": 0,
            "id": 220
          },
          {
            "timestamp": "2026-05-28 21:43:59,760",
            "thread_id": "14212",
            "caller": "0x7ff729a0ff02",
            "parentcaller": "0x7ff729a0ffcb",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d915000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 221
          },
          {
            "timestamp": "2026-05-28 21:43:59,760",
            "thread_id": "14212",
            "caller": "0x7ff729a12fb9",
            "parentcaller": "0x7ff729a0ffcb",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "api-ms-win-core-synch-l1-2-0.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ad50000"
              }
            ],
            "repeated": 0,
            "id": 222
          },
          {
            "timestamp": "2026-05-28 21:43:59,760",
            "thread_id": "14212",
            "caller": "0x7ff729a12fec",
            "parentcaller": "0x7ff729a0ffcb",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ad50000"
              },
              {
                "name": "FunctionName",
                "value": "InitializeConditionVariable"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d159f40"
              }
            ],
            "repeated": 0,
            "id": 223
          },
          {
            "timestamp": "2026-05-28 21:43:59,760",
            "thread_id": "14212",
            "caller": "0x7ff729a13000",
            "parentcaller": "0x7ff729a0ffcb",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ad50000"
              },
              {
                "name": "FunctionName",
                "value": "SleepConditionVariableCS"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2adc3890"
              }
            ],
            "repeated": 0,
            "id": 224
          },
          {
            "timestamp": "2026-05-28 21:43:59,760",
            "thread_id": "14212",
            "caller": "0x7ff729a13014",
            "parentcaller": "0x7ff729a0ffcb",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ad50000"
              },
              {
                "name": "FunctionName",
                "value": "WakeAllConditionVariable"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d145430"
              }
            ],
            "repeated": 0,
            "id": 225
          },
          {
            "timestamp": "2026-05-28 21:43:59,760",
            "thread_id": "14212",
            "caller": "0x7ff729a0ff59",
            "parentcaller": "0x7ff729a0ffec",
            "category": "hooking",
            "api": "SetUnhandledExceptionFilter",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ExceptionFilter",
                "value": "0x7ff729a10730"
              }
            ],
            "repeated": 0,
            "id": 226
          },
          {
            "timestamp": "2026-05-28 21:43:59,760",
            "thread_id": "14212",
            "caller": "0x7ff729a06676",
            "parentcaller": "0x7ff729a0500e",
            "category": "device",
            "api": "NtPowerInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "InformationLevel",
                "value": "46"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": "\\x00\\x00\\x00\\x00f\\x0e\\x00\\x00f\\x0e\\x00\\x00f\\x0e\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00f\\x0e\\x00\\x00f\\x0e\\x00\\x00f\\x0e\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 227
          },
          {
            "timestamp": "2026-05-28 21:43:59,760",
            "thread_id": "14212",
            "caller": "0x7ff729a0b7c8",
            "parentcaller": "0x7ff729a0b4ed",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              }
            ],
            "repeated": 0,
            "id": 228
          },
          {
            "timestamp": "2026-05-28 21:43:59,760",
            "thread_id": "14212",
            "caller": "0x7ff729a0b4fe",
            "parentcaller": "0x7ff729a0b56a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d0f93b0"
              }
            ],
            "repeated": 0,
            "id": 229
          },
          {
            "timestamp": "2026-05-28 21:43:59,760",
            "thread_id": "14212",
            "caller": "0x7ff729a0b782",
            "parentcaller": "0x7ff729a0b60d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d18fc40"
              }
            ],
            "repeated": 0,
            "id": 230
          },
          {
            "timestamp": "2026-05-28 21:43:59,760",
            "thread_id": "14212",
            "caller": "0x7ff729a0b6b2",
            "parentcaller": "0x7ff729a0b641",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d132460"
              }
            ],
            "repeated": 0,
            "id": 231
          },
          {
            "timestamp": "2026-05-28 21:43:59,760",
            "thread_id": "14212",
            "caller": "0x7ff729a0b2f3",
            "parentcaller": "0x7ff729a0af08",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d14cbd0"
              }
            ],
            "repeated": 0,
            "id": 232
          },
          {
            "timestamp": "2026-05-28 21:43:59,760",
            "thread_id": "14212",
            "caller": "0x7ff729a08539",
            "parentcaller": "0x7ff7299e8c3e",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000278"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:14276:304:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 233
          },
          {
            "timestamp": "2026-05-28 21:43:59,760",
            "thread_id": "14212",
            "caller": "0x7ff729a08df4",
            "parentcaller": "0x7ff729a08568",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000278"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 234
          },
          {
            "timestamp": "2026-05-28 21:43:59,760",
            "thread_id": "14212",
            "caller": "0x7ff729a08d39",
            "parentcaller": "0x7ff729a08b03",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 235
          },
          {
            "timestamp": "2026-05-28 21:43:59,760",
            "thread_id": "14212",
            "caller": "0x7ff729a08d39",
            "parentcaller": "0x7ff729a08b03",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000027c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 236
          },
          {
            "timestamp": "2026-05-28 21:43:59,760",
            "thread_id": "14212",
            "caller": "0x7ff729a08d39",
            "parentcaller": "0x7ff729a08bba",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 237
          },
          {
            "timestamp": "2026-05-28 21:43:59,760",
            "thread_id": "14212",
            "caller": "0x7ff729a08d39",
            "parentcaller": "0x7ff729a08bba",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000280"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 238
          },
          {
            "timestamp": "2026-05-28 21:43:59,760",
            "thread_id": "14212",
            "caller": "0x7ff729a0f03f",
            "parentcaller": "0x7ff729a08bcc",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000280"
              }
            ],
            "repeated": 0,
            "id": 239
          },
          {
            "timestamp": "2026-05-28 21:43:59,760",
            "thread_id": "14212",
            "caller": "0x7ff729a0f03f",
            "parentcaller": "0x7ff729a08c07",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000027c"
              }
            ],
            "repeated": 0,
            "id": 240
          },
          {
            "timestamp": "2026-05-28 21:43:59,760",
            "thread_id": "14212",
            "caller": "0x7ff729a0f2e3",
            "parentcaller": "0x7ff729a085b8",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000278"
              }
            ],
            "repeated": 0,
            "id": 241
          },
          {
            "timestamp": "2026-05-28 21:43:59,760",
            "thread_id": "14212",
            "caller": "0x7ff729a0f03f",
            "parentcaller": "0x7ff729a085c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000278"
              }
            ],
            "repeated": 0,
            "id": 242
          },
          {
            "timestamp": "2026-05-28 21:43:59,760",
            "thread_id": "14212",
            "caller": "0x7ff729a062ef",
            "parentcaller": "0x7ff729a05021",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b252000"
              },
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 243
          },
          {
            "timestamp": "2026-05-28 21:43:59,760",
            "thread_id": "14212",
            "caller": "0x7ff729a062ef",
            "parentcaller": "0x7ff729a05021",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b252000"
              },
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 244
          },
          {
            "timestamp": "2026-05-28 21:43:59,760",
            "thread_id": "14212",
            "caller": "0x7ff729a062ef",
            "parentcaller": "0x7ff729a05021",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\TaskManager"
              },
              {
                "name": "Handle",
                "value": "0x00000280"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\TaskManager"
              }
            ],
            "repeated": 0,
            "id": 245
          },
          {
            "timestamp": "2026-05-28 21:43:59,760",
            "thread_id": "14212",
            "caller": "0x7ff729a062ef",
            "parentcaller": "0x7ff729a05021",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000280"
              },
              {
                "name": "ValueName",
                "value": "StartUpTab"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\TaskManager\\StartUpTab"
              }
            ],
            "repeated": 0,
            "id": 246
          },
          {
            "timestamp": "2026-05-28 21:43:59,760",
            "thread_id": "14212",
            "caller": "0x7ff729a062ef",
            "parentcaller": "0x7ff729a05021",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000280"
              }
            ],
            "repeated": 0,
            "id": 247
          },
          {
            "timestamp": "2026-05-28 21:43:59,760",
            "thread_id": "14212",
            "caller": "0x7ff729a062ef",
            "parentcaller": "0x7ff729a05021",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\TaskManager"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\TaskManager"
              }
            ],
            "repeated": 0,
            "id": 248
          },
          {
            "timestamp": "2026-05-28 21:43:59,760",
            "thread_id": "14212",
            "caller": "0x7ff729a280d2",
            "parentcaller": "0x7ff729a10076",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "85"
              },
              {
                "name": "ProcessInformation",
                "value": "\\xd0\\xc3\\xab)\\xf7\\x7f\\x00\\x00\\xf2QA\\xf3\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 249
          },
          {
            "timestamp": "2026-05-28 21:43:59,760",
            "thread_id": "14212",
            "caller": "0x7ff729a070fd",
            "parentcaller": "0x7ff729a06cdd",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 250
          },
          {
            "timestamp": "2026-05-28 21:43:59,760",
            "thread_id": "14212",
            "caller": "0x7ff729a070fd",
            "parentcaller": "0x7ff729a06cdd",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000027c"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 251
          },
          {
            "timestamp": "2026-05-28 21:43:59,760",
            "thread_id": "14212",
            "caller": "0x7ff729a070fd",
            "parentcaller": "0x7ff729a06cdd",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000027c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System"
              }
            ],
            "repeated": 0,
            "id": 252
          },
          {
            "timestamp": "2026-05-28 21:43:59,760",
            "thread_id": "14212",
            "caller": "0x7ff729a06d29",
            "parentcaller": "0x7ff729a10076",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2bf67000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 253
          },
          {
            "timestamp": "2026-05-28 21:43:59,760",
            "thread_id": "14212",
            "caller": "0x7ff729a06d29",
            "parentcaller": "0x7ff729a10076",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2bf67000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 254
          },
          {
            "timestamp": "2026-05-28 21:43:59,760",
            "thread_id": "14212",
            "caller": "0x7ff729a06d29",
            "parentcaller": "0x7ff729a10076",
            "category": "misc",
            "api": "CommandLineToArgvW",
            "status": true,
            "return": "0x2678d90cba0",
            "arguments": [
              {
                "name": "CommandLine",
                "value": "/4"
              },
              {
                "name": "NumArgs",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 255
          },
          {
            "timestamp": "2026-05-28 21:43:59,760",
            "thread_id": "14212",
            "caller": "0x7ff729a07009",
            "parentcaller": "0x7ff729a06d4b",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000288"
              },
              {
                "name": "MutexName",
                "value": "Local\\TM.750ce7b0-e5fd-454f-9fad-2f66513dfa1b"
              },
              {
                "name": "InitialOwner",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 256
          },
          {
            "timestamp": "2026-05-28 21:43:59,760",
            "thread_id": "14212",
            "caller": "0x7ff729a06d71",
            "parentcaller": "0x7ff729a10076",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678f2d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 257
          },
          {
            "timestamp": "2026-05-28 21:43:59,760",
            "thread_id": "14212",
            "caller": "0x7ff729a06d71",
            "parentcaller": "0x7ff729a10076",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000028c"
              },
              {
                "name": "MutexName",
                "value": ""
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 258
          },
          {
            "timestamp": "2026-05-28 21:43:59,760",
            "thread_id": "14212",
            "caller": "0x7ff729a06d95",
            "parentcaller": "0x7ff729a10076",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "Comctl32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc171f0000"
              }
            ],
            "repeated": 0,
            "id": 259
          },
          {
            "timestamp": "2026-05-28 21:43:59,760",
            "thread_id": "14212",
            "caller": "0x7ff729a06d95",
            "parentcaller": "0x7ff729a10076",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc171f0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "Comctl32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 260
          },
          {
            "timestamp": "2026-05-28 21:43:59,760",
            "thread_id": "14212",
            "caller": "0x7ff729a06d95",
            "parentcaller": "0x7ff729a10076",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "comctl32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc171f0000"
              }
            ],
            "repeated": 0,
            "id": 261
          },
          {
            "timestamp": "2026-05-28 21:43:59,760",
            "thread_id": "14212",
            "caller": "0x7ff729a06d95",
            "parentcaller": "0x7ff729a10076",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc171f0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "comctl32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 262
          },
          {
            "timestamp": "2026-05-28 21:43:59,760",
            "thread_id": "14212",
            "caller": "0x7ff729a06d95",
            "parentcaller": "0x7ff729a10076",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc171f0000"
              },
              {
                "name": "FunctionName",
                "value": "LoadIconWithScaleDown"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc1727de70"
              }
            ],
            "repeated": 0,
            "id": 263
          },
          {
            "timestamp": "2026-05-28 21:43:59,760",
            "thread_id": "14212",
            "caller": "0x7ff729a06d95",
            "parentcaller": "0x7ff729a10076",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d916000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 264
          },
          {
            "timestamp": "2026-05-28 21:43:59,775",
            "thread_id": "14212",
            "caller": "0x7ff729a06d95",
            "parentcaller": "0x7ff729a10076",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d917000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 265
          },
          {
            "timestamp": "2026-05-28 21:43:59,775",
            "thread_id": "14212",
            "caller": "0x7ff729a06d95",
            "parentcaller": "0x7ff729a10076",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d918000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 266
          },
          {
            "timestamp": "2026-05-28 21:43:59,775",
            "thread_id": "14212",
            "caller": "0x7ff729a06db3",
            "parentcaller": "0x7ff729a10076",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1c959000"
              },
              {
                "name": "ModuleName",
                "value": "DUI70.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 267
          },
          {
            "timestamp": "2026-05-28 21:43:59,775",
            "thread_id": "14212",
            "caller": "0x7ff729a06db3",
            "parentcaller": "0x7ff729a10076",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1c959000"
              },
              {
                "name": "ModuleName",
                "value": "DUI70.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 268
          },
          {
            "timestamp": "2026-05-28 21:43:59,775",
            "thread_id": "14212",
            "caller": "0x7ff729a06db3",
            "parentcaller": "0x7ff729a10076",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b1f7000"
              },
              {
                "name": "ModuleName",
                "value": "SHCORE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 269
          },
          {
            "timestamp": "2026-05-28 21:43:59,775",
            "thread_id": "14212",
            "caller": "0x7ff729a06db3",
            "parentcaller": "0x7ff729a10076",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b1f7000"
              },
              {
                "name": "ModuleName",
                "value": "SHCORE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 270
          },
          {
            "timestamp": "2026-05-28 21:43:59,775",
            "thread_id": "14212",
            "caller": "0x7ff729a06db3",
            "parentcaller": "0x7ff729a10076",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 271
          },
          {
            "timestamp": "2026-05-28 21:43:59,775",
            "thread_id": "14212",
            "caller": "0x7ff729a06db3",
            "parentcaller": "0x7ff729a10076",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 272
          },
          {
            "timestamp": "2026-05-28 21:43:59,775",
            "thread_id": "14212",
            "caller": "0x7ff729a06db3",
            "parentcaller": "0x7ff729a10076",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\DirectUI\\DynamicScaling"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\DirectUI\\DynamicScaling"
              }
            ],
            "repeated": 0,
            "id": 273
          },
          {
            "timestamp": "2026-05-28 21:43:59,775",
            "thread_id": "14212",
            "caller": "0x7ff729a06db3",
            "parentcaller": "0x7ff729a10076",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1c959000"
              },
              {
                "name": "ModuleName",
                "value": "DUI70.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 274
          },
          {
            "timestamp": "2026-05-28 21:43:59,775",
            "thread_id": "14212",
            "caller": "0x7ff729a06db3",
            "parentcaller": "0x7ff729a10076",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1c959000"
              },
              {
                "name": "ModuleName",
                "value": "DUI70.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 275
          },
          {
            "timestamp": "2026-05-28 21:43:59,775",
            "thread_id": "14212",
            "caller": "0x7ff729a06db3",
            "parentcaller": "0x7ff729a10076",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\duser.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1c720000"
              }
            ],
            "repeated": 0,
            "id": 276
          },
          {
            "timestamp": "2026-05-28 21:43:59,775",
            "thread_id": "14212",
            "caller": "0x7ff729a06db3",
            "parentcaller": "0x7ff729a10076",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc1c720000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\system32\\DUser.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 277
          },
          {
            "timestamp": "2026-05-28 21:43:59,775",
            "thread_id": "14212",
            "caller": "0x7ff729a06db3",
            "parentcaller": "0x7ff729a10076",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000298"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ffc2c06afb0"
              },
              {
                "name": "Parameter",
                "value": "0x2678f355dd0"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "13428"
              },
              {
                "name": "ProcessId",
                "value": "14276"
              },
              {
                "name": "Module",
                "value": "msvcrt.dll"
              }
            ],
            "repeated": 0,
            "id": 278
          },
          {
            "timestamp": "2026-05-28 21:43:59,775",
            "thread_id": "14212",
            "caller": "0x7ff729a06db3",
            "parentcaller": "0x7ff729a10076",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x00000298",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ffc2c06afb0"
              },
              {
                "name": "Parameter",
                "value": "0x2678f355dd0"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "13428"
              },
              {
                "name": "ProcessId",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 279
          },
          {
            "timestamp": "2026-05-28 21:43:59,775",
            "thread_id": "13976",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d91a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "yes"
              }
            ],
            "repeated": 0,
            "id": 280
          },
          {
            "timestamp": "2026-05-28 21:43:59,775",
            "thread_id": "13976",
            "caller": "0x7ffc2d16507d",
            "parentcaller": "0x7ffc2d164c43",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 281
          },
          {
            "timestamp": "2026-05-28 21:43:59,775",
            "thread_id": "13976",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ffc14481ed0"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 282
          },
          {
            "timestamp": "2026-05-28 21:43:59,775",
            "thread_id": "14068",
            "caller": "0x7ffc2d16507d",
            "parentcaller": "0x7ffc2d164c43",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 283
          },
          {
            "timestamp": "2026-05-28 21:43:59,775",
            "thread_id": "14068",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ffc14482030"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 284
          },
          {
            "timestamp": "2026-05-28 21:43:59,775",
            "thread_id": "14064",
            "caller": "0x7ffc2d16507d",
            "parentcaller": "0x7ffc2d164c43",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 285
          },
          {
            "timestamp": "2026-05-28 21:43:59,775",
            "thread_id": "14064",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ffc14481e10"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 286
          },
          {
            "timestamp": "2026-05-28 21:43:59,775",
            "thread_id": "13964",
            "caller": "0x7ffc2d0fe715",
            "parentcaller": "0x7ffc2d0fe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d91b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 287
          },
          {
            "timestamp": "2026-05-28 21:43:59,775",
            "thread_id": "13964",
            "caller": "0x7ffc2d16507d",
            "parentcaller": "0x7ffc2d164c43",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 288
          },
          {
            "timestamp": "2026-05-28 21:43:59,775",
            "thread_id": "13964",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ffc14481a00"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 289
          },
          {
            "timestamp": "2026-05-28 21:43:59,807",
            "thread_id": "13428",
            "caller": "0x7ffc2d0fe715",
            "parentcaller": "0x7ffc2d0fe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d91c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 290
          },
          {
            "timestamp": "2026-05-28 21:43:59,807",
            "thread_id": "13428",
            "caller": "0x7ffc2d16507d",
            "parentcaller": "0x7ffc2d164c43",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 291
          },
          {
            "timestamp": "2026-05-28 21:43:59,807",
            "thread_id": "13428",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ffc2c06afb0"
              },
              {
                "name": "Parameter",
                "value": "0x2678f355dd0"
              }
            ],
            "repeated": 0,
            "id": 292
          },
          {
            "timestamp": "2026-05-28 21:43:59,807",
            "thread_id": "13428",
            "caller": "0x7ffc2d0fe715",
            "parentcaller": "0x7ffc2d0fe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d91e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 293
          },
          {
            "timestamp": "2026-05-28 21:43:59,807",
            "thread_id": "13428",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc2c7e2b57",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\uxtheme.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc28160000"
              }
            ],
            "repeated": 0,
            "id": 294
          },
          {
            "timestamp": "2026-05-28 21:43:59,885",
            "thread_id": "13428",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc2c7e2b57",
            "category": "misc",
            "api": "GetSystemMetrics",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemMetricIndex",
                "value": "4096"
              }
            ],
            "repeated": 2,
            "id": 295
          },
          {
            "timestamp": "2026-05-28 21:43:59,885",
            "thread_id": "13428",
            "caller": "0x7ffc2d137830",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2cb79000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 296
          },
          {
            "timestamp": "2026-05-28 21:43:59,885",
            "thread_id": "13428",
            "caller": "0x7ffc2d137881",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2cb79000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 297
          },
          {
            "timestamp": "2026-05-28 21:43:59,885",
            "thread_id": "13428",
            "caller": "0x7ffc1c72a278",
            "parentcaller": "0x7ffc1c72a881",
            "category": "misc",
            "api": "GetSystemMetrics",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemMetricIndex",
                "value": "4096"
              }
            ],
            "repeated": 0,
            "id": 298
          },
          {
            "timestamp": "2026-05-28 21:43:59,885",
            "thread_id": "13428",
            "caller": "0x7ffc2d0fe715",
            "parentcaller": "0x7ffc2d0fe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d921000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 299
          },
          {
            "timestamp": "2026-05-28 21:43:59,885",
            "thread_id": "13428",
            "caller": "0x7ffc1c72a09b",
            "parentcaller": "0x7ffc1c72a047",
            "category": "misc",
            "api": "SystemParametersInfoA",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00001042"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 300
          },
          {
            "timestamp": "2026-05-28 21:43:59,885",
            "thread_id": "14212",
            "caller": "0x7ff729a06db3",
            "parentcaller": "0x7ff729a10076",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "user32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2c7c0000"
              }
            ],
            "repeated": 0,
            "id": 301
          },
          {
            "timestamp": "2026-05-28 21:43:59,885",
            "thread_id": "14212",
            "caller": "0x7ff729a06db3",
            "parentcaller": "0x7ff729a10076",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc2c7c0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "user32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 302
          },
          {
            "timestamp": "2026-05-28 21:43:59,885",
            "thread_id": "14212",
            "caller": "0x7ff729a06db3",
            "parentcaller": "0x7ff729a10076",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c7c0000"
              },
              {
                "name": "FunctionName",
                "value": "RegisterMessagePumpHook"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2c7ebd70"
              }
            ],
            "repeated": 0,
            "id": 303
          },
          {
            "timestamp": "2026-05-28 21:43:59,885",
            "thread_id": "14212",
            "caller": "0x7ff729a06db3",
            "parentcaller": "0x7ff729a10076",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d923000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 304
          },
          {
            "timestamp": "2026-05-28 21:43:59,885",
            "thread_id": "14212",
            "caller": "0x7ff729a06db3",
            "parentcaller": "0x7ff729a10076",
            "category": "misc",
            "api": "GetSystemMetrics",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemMetricIndex",
                "value": "4096"
              }
            ],
            "repeated": 3,
            "id": 305
          },
          {
            "timestamp": "2026-05-28 21:43:59,885",
            "thread_id": "14212",
            "caller": "0x7ff729a06db3",
            "parentcaller": "0x7ff729a10076",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d926000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 306
          },
          {
            "timestamp": "2026-05-28 21:43:59,885",
            "thread_id": "14212",
            "caller": "0x7ff729a06db3",
            "parentcaller": "0x7ff729a10076",
            "category": "misc",
            "api": "SystemParametersInfoA",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00001042"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 307
          },
          {
            "timestamp": "2026-05-28 21:43:59,885",
            "thread_id": "14212",
            "caller": "0x7ff729a06db3",
            "parentcaller": "0x7ff729a10076",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\DirectUI"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\DirectUI"
              }
            ],
            "repeated": 0,
            "id": 308
          },
          {
            "timestamp": "2026-05-28 21:43:59,885",
            "thread_id": "14212",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a10c13",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff729b0c000"
              },
              {
                "name": "ModuleName",
                "value": "taskmgr.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 309
          },
          {
            "timestamp": "2026-05-28 21:43:59,885",
            "thread_id": "14212",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a10c13",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff729b0c000"
              },
              {
                "name": "ModuleName",
                "value": "taskmgr.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 310
          },
          {
            "timestamp": "2026-05-28 21:43:59,885",
            "thread_id": "14212",
            "caller": "0x7ff729a06dd4",
            "parentcaller": "0x7ff729a10076",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\system32\\rpcss.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0xed00000040"
              }
            ],
            "repeated": 0,
            "id": 311
          },
          {
            "timestamp": "2026-05-28 21:43:59,885",
            "thread_id": "14212",
            "caller": "0x7ff729a06dd4",
            "parentcaller": "0x7ff729a10076",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "0",
                "pretty_value": "FILE_SUPERSEDE"
              }
            ],
            "repeated": 0,
            "id": 312
          },
          {
            "timestamp": "2026-05-28 21:43:59,885",
            "thread_id": "14212",
            "caller": "0x7ff729a06dd4",
            "parentcaller": "0x7ff729a10076",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b731000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 313
          },
          {
            "timestamp": "2026-05-28 21:43:59,885",
            "thread_id": "14212",
            "caller": "0x7ff729a06dd4",
            "parentcaller": "0x7ff729a10076",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b731000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 314
          },
          {
            "timestamp": "2026-05-28 21:43:59,885",
            "thread_id": "14212",
            "caller": "0x7ff729a06dd4",
            "parentcaller": "0x7ff729a10076",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 315
          },
          {
            "timestamp": "2026-05-28 21:43:59,885",
            "thread_id": "14212",
            "caller": "0x7ff729a06dd4",
            "parentcaller": "0x7ff729a10076",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "bcryptPrimitives.dll"
              }
            ],
            "repeated": 0,
            "id": 316
          },
          {
            "timestamp": "2026-05-28 21:43:59,885",
            "thread_id": "14212",
            "caller": "0x7ff729a06dd4",
            "parentcaller": "0x7ff729a10076",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b0c0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00082000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 317
          },
          {
            "timestamp": "2026-05-28 21:43:59,885",
            "thread_id": "14212",
            "caller": "0x7ff729a06dd4",
            "parentcaller": "0x7ff729a10076",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b127000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 318
          },
          {
            "timestamp": "2026-05-28 21:43:59,885",
            "thread_id": "14212",
            "caller": "0x7ff729a06dd4",
            "parentcaller": "0x7ff729a10076",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b127000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 319
          },
          {
            "timestamp": "2026-05-28 21:43:59,885",
            "thread_id": "14212",
            "caller": "0x7ff729a06dd4",
            "parentcaller": "0x7ff729a10076",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b127000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 320
          },
          {
            "timestamp": "2026-05-28 21:43:59,885",
            "thread_id": "14212",
            "caller": "0x7ff729a06dd4",
            "parentcaller": "0x7ff729a10076",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b127000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 321
          },
          {
            "timestamp": "2026-05-28 21:43:59,885",
            "thread_id": "14212",
            "caller": "0x7ff729a06dd4",
            "parentcaller": "0x7ff729a10076",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b127000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 322
          },
          {
            "timestamp": "2026-05-28 21:43:59,885",
            "thread_id": "14212",
            "caller": "0x7ff729a06dd4",
            "parentcaller": "0x7ff729a10076",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b8"
              }
            ],
            "repeated": 0,
            "id": 323
          },
          {
            "timestamp": "2026-05-28 21:43:59,885",
            "thread_id": "14212",
            "caller": "0x7ff729a06dd4",
            "parentcaller": "0x7ff729a10076",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b127000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 324
          },
          {
            "timestamp": "2026-05-28 21:43:59,885",
            "thread_id": "14212",
            "caller": "0x7ff729a06dd4",
            "parentcaller": "0x7ff729a10076",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\bcryptPrimitives"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2b0c0000"
              }
            ],
            "repeated": 0,
            "id": 325
          },
          {
            "timestamp": "2026-05-28 21:44:00,104",
            "thread_id": "14212",
            "caller": "0x7ff729a06dd4",
            "parentcaller": "0x7ff729a10076",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 326
          },
          {
            "timestamp": "2026-05-28 21:44:00,104",
            "thread_id": "14212",
            "caller": "0x7ff729a06dd4",
            "parentcaller": "0x7ff729a10076",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "STE"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE"
              }
            ],
            "repeated": 0,
            "id": 327
          },
          {
            "timestamp": "2026-05-28 21:44:00,104",
            "thread_id": "14212",
            "caller": "0x7ff729a06dd4",
            "parentcaller": "0x7ff729a10076",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 328
          },
          {
            "timestamp": "2026-05-28 21:44:00,104",
            "thread_id": "14212",
            "caller": "0x7ff729a06dd4",
            "parentcaller": "0x7ff729a10076",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 329
          },
          {
            "timestamp": "2026-05-28 21:44:00,104",
            "thread_id": "14212",
            "caller": "0x7ff729a06dd4",
            "parentcaller": "0x7ff729a10076",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "Enabled"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled"
              }
            ],
            "repeated": 0,
            "id": 330
          },
          {
            "timestamp": "2026-05-28 21:44:00,104",
            "thread_id": "14212",
            "caller": "0x7ff729a06dd4",
            "parentcaller": "0x7ff729a10076",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa"
              }
            ],
            "repeated": 0,
            "id": 331
          },
          {
            "timestamp": "2026-05-28 21:44:00,104",
            "thread_id": "14212",
            "caller": "0x7ff729a06dd4",
            "parentcaller": "0x7ff729a10076",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "ValueName",
                "value": "FipsAlgorithmPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 332
          },
          {
            "timestamp": "2026-05-28 21:44:00,104",
            "thread_id": "14212",
            "caller": "0x7ff729a06dd4",
            "parentcaller": "0x7ff729a10076",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "MDMEnabled"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled"
              }
            ],
            "repeated": 0,
            "id": 333
          },
          {
            "timestamp": "2026-05-28 21:44:00,104",
            "thread_id": "14212",
            "caller": "0x7ff729a06dd4",
            "parentcaller": "0x7ff729a10076",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 334
          },
          {
            "timestamp": "2026-05-28 21:44:00,104",
            "thread_id": "14212",
            "caller": "0x7ff729a06dd4",
            "parentcaller": "0x7ff729a10076",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              }
            ],
            "repeated": 0,
            "id": 335
          },
          {
            "timestamp": "2026-05-28 21:44:00,104",
            "thread_id": "14212",
            "caller": "0x7ff729a06dd4",
            "parentcaller": "0x7ff729a10076",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration"
              }
            ],
            "repeated": 0,
            "id": 336
          },
          {
            "timestamp": "2026-05-28 21:44:00,104",
            "thread_id": "14212",
            "caller": "0x7ff729a06dd4",
            "parentcaller": "0x7ff729a10076",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000002c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\Device\\CNG"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 337
          },
          {
            "timestamp": "2026-05-28 21:44:00,104",
            "thread_id": "14212",
            "caller": "0x7ff729a06dd4",
            "parentcaller": "0x7ff729a10076",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000002c4"
              },
              {
                "name": "IoControlCode",
                "value": "0x00390008",
                "pretty_value": "IOCTL_KSEC_RANDOM_FILL_BUFFER"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\xc9x\\xac\\xaf\\xf2\\x8aD\t\\x17|\\xbd\\x92\\xa2RN\\xbe\\xd8\\xd6\\xd8\\xbb<\\x01\\x90jA\\xd8\\xd9\\x08_\\xc1\\xe5\\xae\\xf0\\xdf\\xa2\\x0c\\x99\\xa31\\xc2\\xb2\\xa5\\x9dS\\xb6o\\xafV"
              }
            ],
            "repeated": 0,
            "id": 338
          },
          {
            "timestamp": "2026-05-28 21:44:00,104",
            "thread_id": "14212",
            "caller": "0x7ff729a06dd4",
            "parentcaller": "0x7ff729a10076",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\bcryptprimitives"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b0c0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffc2b0f8b60"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 339
          },
          {
            "timestamp": "2026-05-28 21:44:00,104",
            "thread_id": "14212",
            "caller": "0x7ff729a06dd4",
            "parentcaller": "0x7ff729a10076",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2c65e000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 340
          },
          {
            "timestamp": "2026-05-28 21:44:00,104",
            "thread_id": "14212",
            "caller": "0x7ff729a06dd4",
            "parentcaller": "0x7ff729a10076",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2c65e000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 341
          },
          {
            "timestamp": "2026-05-28 21:44:00,104",
            "thread_id": "14212",
            "caller": "0x7ff729a06dd4",
            "parentcaller": "0x7ff729a10076",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d929000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 342
          },
          {
            "timestamp": "2026-05-28 21:44:00,104",
            "thread_id": "14212",
            "caller": "0x7ff729a06dd4",
            "parentcaller": "0x7ff729a10076",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b731000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 343
          },
          {
            "timestamp": "2026-05-28 21:44:00,104",
            "thread_id": "14212",
            "caller": "0x7ff729a06dd4",
            "parentcaller": "0x7ff729a10076",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b731000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 344
          },
          {
            "timestamp": "2026-05-28 21:44:00,104",
            "thread_id": "14212",
            "caller": "0x7ff729a06e14",
            "parentcaller": "0x7ff729a10076",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\clbcatq"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2c9c0000"
              }
            ],
            "repeated": 0,
            "id": 345
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff729a06e14",
            "parentcaller": "0x7ff729a10076",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000034B-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "0000015B-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 346
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff7299e617e",
            "parentcaller": "0x7ff729a06e4f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\x12\\x13\\x00\\x00\\x00\\x00\\x00\\xdb7\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00D8\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 347
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff7299e617e",
            "parentcaller": "0x7ff729a06e4f",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 348
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff7299e617e",
            "parentcaller": "0x7ff729a06e4f",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": "en-AU"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-AU"
              }
            ],
            "repeated": 0,
            "id": 349
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff7299e617e",
            "parentcaller": "0x7ff729a06e4f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 350
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff7299e617e",
            "parentcaller": "0x7ff729a06e4f",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 351
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff7299e617e",
            "parentcaller": "0x7ff729a06e4f",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": "en-AU"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-AU"
              }
            ],
            "repeated": 0,
            "id": 352
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff7299e617e",
            "parentcaller": "0x7ff729a06e4f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 353
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff7299e8345",
            "parentcaller": "0x7ff7299e6258",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678f250000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              }
            ],
            "repeated": 0,
            "id": 354
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff7299e8345",
            "parentcaller": "0x7ff7299e6258",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000cc"
              }
            ],
            "repeated": 0,
            "id": 355
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff7299e8345",
            "parentcaller": "0x7ff7299e6258",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              }
            ],
            "repeated": 0,
            "id": 356
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff7299e8345",
            "parentcaller": "0x7ff7299e6258",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000000cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\taskmgr.exe.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 357
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff7299e8345",
            "parentcaller": "0x7ff7299e6258",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000000cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\Taskmgr.exe.mui"
              }
            ],
            "repeated": 0,
            "id": 358
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff7299e8345",
            "parentcaller": "0x7ff7299e6258",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002f4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678f250000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed18d9ec00"
              },
              {
                "name": "ViewSize",
                "value": "0x0000f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 359
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff7299e8345",
            "parentcaller": "0x7ff7299e6258",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 360
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff729a06212",
            "parentcaller": "0x7ff729a06e5b",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 361
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff729a06212",
            "parentcaller": "0x7ff729a06e5b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000027c"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 362
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff729a06212",
            "parentcaller": "0x7ff729a06e5b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000027c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\TaskManager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\TaskManager"
              }
            ],
            "repeated": 0,
            "id": 363
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff729a06212",
            "parentcaller": "0x7ff729a06e5b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": "Preferences"
              },
              {
                "name": "Data",
                "value": "\r\\x00\\x00\\x00`\\x00\\x00\\x00`\\x00\\x00\\x00\\x82\\x00\\x00\\x00\\x82\\x00\\x00\\x00\\xfd\\x01\\x00\\x00\\xf6\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x80\\xd8\\x01\\x00\\x80\\xdf\\x01\\x00\\x80\\x00\\x01\\x00\\x01\\xc1\\x01\\x00\\x00,\\x01\\x00\\x00i\\x04\\x00\\x00\\x84\\x03\\x00\\x00\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xaa\\xef\\x99\\xf7\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xea\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x89\\x90\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\x00\\x00\\x00\\x01\\x01P\\x02\\x00\\x00\\x00\\x00\r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\xaa\\xef\\x99\\xf7\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x96\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x8b\\x90\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x10\\x01\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\xaa\\xef\\x99\\xf7\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xffx\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x8c\\x90\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x02\\x12\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc8\\xaa\\xef\\x99\\xf7\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x96\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x8d\\x90\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x10\\x01\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe8\\xaa\\xef\\x99\\xf7\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff2\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x8a\\x90\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08 
\\x01\\x00\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xab\\xef\\x99\\xf7\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xc8\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x8e\\x90\\x00\\x00\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x10\\x01\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\xab\\xef\\x99\\xf7\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x04\\x01\\x00\\x00\\x1e\\x00\\x00\\x00\\x8f\\x90\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x10\\x01\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xab\\xef\\x99\\xf7\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xffI\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\TaskManager\\Preferences"
              }
            ],
            "repeated": 0,
            "id": 364
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff729a06212",
            "parentcaller": "0x7ff729a06e5b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 365
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff729a0624b",
            "parentcaller": "0x7ff729a06e5b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\TaskManager"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\TaskManager"
              }
            ],
            "repeated": 0,
            "id": 366
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff729a279c0",
            "parentcaller": "0x7ff729a06e5b",
            "category": "registry",
            "api": "RegDeleteValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": "Preferences"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\TaskManager\\Preferences"
              }
            ],
            "repeated": 0,
            "id": 367
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff729a27900",
            "parentcaller": "0x7ff729a279d0",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 368
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff729a27a86",
            "parentcaller": "0x7ff729a06e5b",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 369
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff729a27a86",
            "parentcaller": "0x7ff729a06e5b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000027c"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 370
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff729a27a86",
            "parentcaller": "0x7ff729a06e5b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000027c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\TaskManager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\TaskManager"
              }
            ],
            "repeated": 0,
            "id": 371
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff729a27a86",
            "parentcaller": "0x7ff729a06e5b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": "UseStatusSetting"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\TaskManager\\UseStatusSetting"
              }
            ],
            "repeated": 0,
            "id": 372
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff729a27a86",
            "parentcaller": "0x7ff729a06e5b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 373
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff729a062ef",
            "parentcaller": "0x7ff729a05071",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\TaskManager"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\TaskManager"
              }
            ],
            "repeated": 0,
            "id": 374
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff729a062ef",
            "parentcaller": "0x7ff729a05071",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": "StartUpTab"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\TaskManager\\StartUpTab"
              }
            ],
            "repeated": 0,
            "id": 375
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff729a062ef",
            "parentcaller": "0x7ff729a05071",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 376
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff729a062ef",
            "parentcaller": "0x7ff729a05071",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\TaskManager"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\TaskManager"
              }
            ],
            "repeated": 0,
            "id": 377
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff7299f9e90",
            "parentcaller": "0x7ff729a0507f",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "182"
              }
            ],
            "repeated": 0,
            "id": 378
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff729a0b42b",
            "parentcaller": "0x7ff7299e8cce",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d153410"
              }
            ],
            "repeated": 0,
            "id": 379
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff729a0b4aa",
            "parentcaller": "0x7ff7299e96f1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d16fa30"
              }
            ],
            "repeated": 0,
            "id": 380
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff7299e5287",
            "parentcaller": "0x7ff7299e510e",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide"
              }
            ],
            "repeated": 0,
            "id": 381
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff7299e5287",
            "parentcaller": "0x7ff7299e510e",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": "PreferExternalManifest"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest"
              }
            ],
            "repeated": 0,
            "id": 382
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff7299e5287",
            "parentcaller": "0x7ff7299e510e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 383
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff7299e5287",
            "parentcaller": "0x7ff7299e510e",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x001200a9",
                "pretty_value": "FILE_GENERIC_READ|FILE_GENERIC_EXECUTE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\taskmgr.exe.3.Manifest"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 384
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff7299e531c",
            "parentcaller": "0x7ff7299e510e",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "Comctl32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc171f0000"
              }
            ],
            "repeated": 0,
            "id": 385
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff7299e531c",
            "parentcaller": "0x7ff7299e510e",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc171f0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "Comctl32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 386
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff729a06bed",
            "parentcaller": "0x7ff729a04a12",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 387
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff729a06bed",
            "parentcaller": "0x7ff729a04a12",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": "en-US"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US"
              }
            ],
            "repeated": 0,
            "id": 388
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff729a06bed",
            "parentcaller": "0x7ff729a04a12",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 389
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff729a06bed",
            "parentcaller": "0x7ff729a04a12",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 390
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff729a06bed",
            "parentcaller": "0x7ff729a04a12",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": "en-US"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US"
              }
            ],
            "repeated": 0,
            "id": 391
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff729a06bed",
            "parentcaller": "0x7ff729a04a12",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 392
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff729a04ad8",
            "parentcaller": "0x7ff729a06ebc",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251768",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#4"
              },
              {
                "name": "Name",
                "value": "#30205"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 393
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff729a04ad8",
            "parentcaller": "0x7ff729a06ebc",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f252620",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251768"
              }
            ],
            "repeated": 0,
            "id": 394
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff729a04ad8",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 395
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff729a04ad8",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "MSCTF.dll"
              }
            ],
            "repeated": 0,
            "id": 396
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff729a04ad8",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002fc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b280000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00114000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 397
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff729a04ad8",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b390000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 398
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff729a04ad8",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b35c000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 399
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff729a04ad8",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b35c000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 400
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff729a04ad8",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b35c000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 401
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff729a04ad8",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b35c000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 402
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff729a04ad8",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b35b000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 403
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff729a04ad8",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              }
            ],
            "repeated": 0,
            "id": 404
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff729a04ad8",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b35b000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 405
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff729a04ad8",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "35"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x0f\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\\\x00W\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00S\\x00\\\\x00a\\x00m\\x00\\x02\\x00\\x00\\x004\\x00_\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00o\\x00s\\x00o\\x00f\\x00\\x02\\x00\\x00\\x00w\\x00i\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00s\\x00.\\x00c\\x00o\\x00\\x02\\x00\\x00\\x00o\\x00n\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00t\\x00r\\x00o\\x00l\\x00\\x02\\x00\\x00\\x006\\x005\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x004\\x001\\x004\\x004\\x00\\x02\\x00\\x00\\x00f\\x001\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00.\\x000\\x00.\\x001\\x00"
              }
            ],
            "repeated": 0,
            "id": 406
          },
          {
            "timestamp": "2026-05-28 21:44:00,307",
            "thread_id": "14212",
            "caller": "0x7ff729a04ad8",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\MSCTF"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2b280000"
              }
            ],
            "repeated": 0,
            "id": 407
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ad8",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\msctf"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b280000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffc2b2c0760"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 408
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ad8",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2ce49000"
              },
              {
                "name": "ModuleName",
                "value": "IMM32.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 409
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ad8",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2ce49000"
              },
              {
                "name": "ModuleName",
                "value": "IMM32.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 410
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ad8",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 411
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ad8",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 412
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ad8",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2ce49000"
              },
              {
                "name": "ModuleName",
                "value": "IMM32.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 413
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ad8",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2ce49000"
              },
              {
                "name": "ModuleName",
                "value": "IMM32.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 414
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ad8",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2cb78000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 415
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ad8",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2cb78000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 416
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ad8",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\Sessions\\1\\Windows\\ThemeSection"
              }
            ],
            "repeated": 0,
            "id": 417
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ad8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002f8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678f320000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed18d9e470"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 418
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ad8",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000304"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\Windows\\Theme661499817"
              }
            ],
            "repeated": 0,
            "id": 419
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ad8",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000300"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\Sessions\\1\\Windows\\Theme2324452754"
              }
            ],
            "repeated": 0,
            "id": 420
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ad8",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678f320000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 421
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ad8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              }
            ],
            "repeated": 0,
            "id": 422
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ad8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000304"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26790c70000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed18d9eb90"
              },
              {
                "name": "ViewSize",
                "value": "0x000e2000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 423
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ad8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000300"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678f320000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed18d9eb90"
              },
              {
                "name": "ViewSize",
                "value": "0x00004000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 424
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ad8",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              }
            ],
            "repeated": 0,
            "id": 425
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ad8",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d0f93b0"
              }
            ],
            "repeated": 0,
            "id": 426
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ad8",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d18fc40"
              }
            ],
            "repeated": 0,
            "id": 427
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ad8",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d132460"
              }
            ],
            "repeated": 0,
            "id": 428
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ad8",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d16fa30"
              }
            ],
            "repeated": 0,
            "id": 429
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ad8",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d14cbd0"
              }
            ],
            "repeated": 0,
            "id": 430
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ad8",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d153410"
              }
            ],
            "repeated": 0,
            "id": 431
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ad8",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:14276:304:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 432
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ad8",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 433
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ad8",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 434
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ad8",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 435
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ad8",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 436
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ad8",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000030c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 437
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ad8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000030c"
              }
            ],
            "repeated": 0,
            "id": 438
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ad8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 439
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ad8",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              }
            ],
            "repeated": 0,
            "id": 440
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ad8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              }
            ],
            "repeated": 0,
            "id": 441
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26790db2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 442
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000308"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000009",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Control\\Session Manager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager"
              }
            ],
            "repeated": 0,
            "id": 443
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000308"
              },
              {
                "name": "ValueName",
                "value": "ResourcePolicies"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies"
              }
            ],
            "repeated": 0,
            "id": 444
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 445
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678f330000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000d000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 446
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678f330000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 447
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26790db4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 448
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26790db5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 449
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2cb78000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 450
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2cb78000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 451
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2cb78000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 452
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2cb78000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 453
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2cb78000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 454
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2cb78000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 455
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000c09",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000c09"
              },
              {
                "name": "LanguageName",
                "value": "English (Australia)"
              }
            ],
            "repeated": 0,
            "id": 456
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d931000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 457
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d936000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 458
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink"
              }
            ],
            "repeated": 0,
            "id": 459
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000308"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "67"
              },
              {
                "name": "MaxValueNameLength",
                "value": "27"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 460
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d93b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 461
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "ValueName",
                "value": "Lucida Sans Unicode"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Lucida Sans Unicode"
              }
            ],
            "repeated": 0,
            "id": 462
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "ValueName",
                "value": "Microsoft Sans Serif"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Microsoft Sans Serif"
              }
            ],
            "repeated": 0,
            "id": 463
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "ValueName",
                "value": "Tahoma"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Tahoma"
              }
            ],
            "repeated": 0,
            "id": 464
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "3"
              },
              {
                "name": "ValueName",
                "value": "Segoe UI"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Segoe UI"
              }
            ],
            "repeated": 0,
            "id": 465
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "4"
              },
              {
                "name": "ValueName",
                "value": "Segoe UI Bold"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Segoe UI Bold"
              }
            ],
            "repeated": 0,
            "id": 466
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "5"
              },
              {
                "name": "ValueName",
                "value": "Segoe UI Light"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Segoe UI Light"
              }
            ],
            "repeated": 0,
            "id": 467
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "6"
              },
              {
                "name": "ValueName",
                "value": "Segoe UI Semilight"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Segoe UI Semilight"
              }
            ],
            "repeated": 0,
            "id": 468
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "7"
              },
              {
                "name": "ValueName",
                "value": "Segoe UI Semibold"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Segoe UI Semibold"
              }
            ],
            "repeated": 0,
            "id": 469
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "8"
              },
              {
                "name": "ValueName",
                "value": "Ebrima"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Ebrima"
              }
            ],
            "repeated": 0,
            "id": 470
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "9"
              },
              {
                "name": "ValueName",
                "value": "Ebrima Bold"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Ebrima Bold"
              }
            ],
            "repeated": 0,
            "id": 471
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "10"
              },
              {
                "name": "ValueName",
                "value": "Gadugi"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Gadugi"
              }
            ],
            "repeated": 0,
            "id": 472
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "11"
              },
              {
                "name": "ValueName",
                "value": "Gadugi Bold"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Gadugi Bold"
              }
            ],
            "repeated": 0,
            "id": 473
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "12"
              },
              {
                "name": "ValueName",
                "value": "Khmer UI"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Khmer UI"
              }
            ],
            "repeated": 0,
            "id": 474
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "13"
              },
              {
                "name": "ValueName",
                "value": "Khmer UI Bold"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Khmer UI Bold"
              }
            ],
            "repeated": 0,
            "id": 475
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "14"
              },
              {
                "name": "ValueName",
                "value": "Lao UI"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Lao UI"
              }
            ],
            "repeated": 0,
            "id": 476
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "15"
              },
              {
                "name": "ValueName",
                "value": "Lao UI Bold"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Lao UI Bold"
              }
            ],
            "repeated": 0,
            "id": 477
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "16"
              },
              {
                "name": "ValueName",
                "value": "Leelawadee"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Leelawadee"
              }
            ],
            "repeated": 0,
            "id": 478
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "17"
              },
              {
                "name": "ValueName",
                "value": "Leelawadee Bold"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Leelawadee Bold"
              }
            ],
            "repeated": 0,
            "id": 479
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "18"
              },
              {
                "name": "ValueName",
                "value": "Leelawadee UI"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Leelawadee UI"
              }
            ],
            "repeated": 0,
            "id": 480
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "19"
              },
              {
                "name": "ValueName",
                "value": "Leelawadee UI Bold"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Leelawadee UI Bold"
              }
            ],
            "repeated": 0,
            "id": 481
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "20"
              },
              {
                "name": "ValueName",
                "value": "Nirmala UI"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Nirmala UI"
              }
            ],
            "repeated": 0,
            "id": 482
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "21"
              },
              {
                "name": "ValueName",
                "value": "Nirmala UI Bold"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Nirmala UI Bold"
              }
            ],
            "repeated": 0,
            "id": 483
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "22"
              },
              {
                "name": "ValueName",
                "value": "Nirmala UI Semilight"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Nirmala UI Semilight"
              }
            ],
            "repeated": 0,
            "id": 484
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "23"
              },
              {
                "name": "ValueName",
                "value": "MingLiU"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\MingLiU"
              }
            ],
            "repeated": 0,
            "id": 485
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "24"
              },
              {
                "name": "ValueName",
                "value": "PMingLiU"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\PMingLiU"
              }
            ],
            "repeated": 0,
            "id": 486
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "25"
              },
              {
                "name": "ValueName",
                "value": "MingLiU_HKSCS"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\MingLiU_HKSCS"
              }
            ],
            "repeated": 0,
            "id": 487
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "26"
              },
              {
                "name": "ValueName",
                "value": "MingLiU-ExtB"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\MingLiU-ExtB"
              }
            ],
            "repeated": 0,
            "id": 488
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "27"
              },
              {
                "name": "ValueName",
                "value": "PMingLiU-ExtB"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\PMingLiU-ExtB"
              }
            ],
            "repeated": 0,
            "id": 489
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "28"
              },
              {
                "name": "ValueName",
                "value": "MingLiU_HKSCS-ExtB"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\MingLiU_HKSCS-ExtB"
              }
            ],
            "repeated": 0,
            "id": 490
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "29"
              },
              {
                "name": "ValueName",
                "value": "Microsoft JhengHei"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Microsoft JhengHei"
              }
            ],
            "repeated": 0,
            "id": 491
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "30"
              },
              {
                "name": "ValueName",
                "value": "Microsoft JhengHei Bold"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Microsoft JhengHei Bold"
              }
            ],
            "repeated": 0,
            "id": 492
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "31"
              },
              {
                "name": "ValueName",
                "value": "Microsoft JhengHei UI"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Microsoft JhengHei UI"
              }
            ],
            "repeated": 0,
            "id": 493
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "32"
              },
              {
                "name": "ValueName",
                "value": "Microsoft JhengHei UI Bold"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Microsoft JhengHei UI Bold"
              }
            ],
            "repeated": 0,
            "id": 494
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "33"
              },
              {
                "name": "ValueName",
                "value": "Microsoft JhengHei UI Light"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Microsoft JhengHei UI Light"
              }
            ],
            "repeated": 0,
            "id": 495
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "34"
              },
              {
                "name": "ValueName",
                "value": "SimSun"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\SimSun"
              }
            ],
            "repeated": 0,
            "id": 496
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "35"
              },
              {
                "name": "ValueName",
                "value": "SimSun-ExtB"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\SimSun-ExtB"
              }
            ],
            "repeated": 0,
            "id": 497
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "36"
              },
              {
                "name": "ValueName",
                "value": "NSimSun"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\NSimSun"
              }
            ],
            "repeated": 0,
            "id": 498
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "37"
              },
              {
                "name": "ValueName",
                "value": "Microsoft YaHei"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Microsoft YaHei"
              }
            ],
            "repeated": 0,
            "id": 499
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "38"
              },
              {
                "name": "ValueName",
                "value": "Microsoft YaHei Bold"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Microsoft YaHei Bold"
              }
            ],
            "repeated": 0,
            "id": 500
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "39"
              },
              {
                "name": "ValueName",
                "value": "Microsoft YaHei UI"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Microsoft YaHei UI"
              }
            ],
            "repeated": 0,
            "id": 501
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "40"
              },
              {
                "name": "ValueName",
                "value": "Microsoft YaHei UI Bold"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Microsoft YaHei UI Bold"
              }
            ],
            "repeated": 0,
            "id": 502
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "41"
              },
              {
                "name": "ValueName",
                "value": "Microsoft YaHei UI Light"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Microsoft YaHei UI Light"
              }
            ],
            "repeated": 0,
            "id": 503
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "42"
              },
              {
                "name": "ValueName",
                "value": "Yu Gothic UI"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Yu Gothic UI"
              }
            ],
            "repeated": 0,
            "id": 504
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "43"
              },
              {
                "name": "ValueName",
                "value": "Yu Gothic UI Bold"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Yu Gothic UI Bold"
              }
            ],
            "repeated": 0,
            "id": 505
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "44"
              },
              {
                "name": "ValueName",
                "value": "Yu Gothic UI Light"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Yu Gothic UI Light"
              }
            ],
            "repeated": 0,
            "id": 506
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "45"
              },
              {
                "name": "ValueName",
                "value": "Yu Gothic UI Semilight"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Yu Gothic UI Semilight"
              }
            ],
            "repeated": 0,
            "id": 507
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "46"
              },
              {
                "name": "ValueName",
                "value": "Yu Gothic UI Semibold"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Yu Gothic UI Semibold"
              }
            ],
            "repeated": 0,
            "id": 508
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "47"
              },
              {
                "name": "ValueName",
                "value": "Meiryo"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Meiryo"
              }
            ],
            "repeated": 0,
            "id": 509
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "48"
              },
              {
                "name": "ValueName",
                "value": "Meiryo Bold"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Meiryo Bold"
              }
            ],
            "repeated": 0,
            "id": 510
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "49"
              },
              {
                "name": "ValueName",
                "value": "Meiryo UI"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Meiryo UI"
              }
            ],
            "repeated": 0,
            "id": 511
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "50"
              },
              {
                "name": "ValueName",
                "value": "Meiryo UI Bold"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Meiryo UI Bold"
              }
            ],
            "repeated": 0,
            "id": 512
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "51"
              },
              {
                "name": "ValueName",
                "value": "MS Gothic"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\MS Gothic"
              }
            ],
            "repeated": 0,
            "id": 513
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "52"
              },
              {
                "name": "ValueName",
                "value": "MS PGothic"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\MS PGothic"
              }
            ],
            "repeated": 0,
            "id": 514
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "53"
              },
              {
                "name": "ValueName",
                "value": "MS UI Gothic"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\MS UI Gothic"
              }
            ],
            "repeated": 0,
            "id": 515
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "54"
              },
              {
                "name": "ValueName",
                "value": "MS Mincho"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\MS Mincho"
              }
            ],
            "repeated": 0,
            "id": 516
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "55"
              },
              {
                "name": "ValueName",
                "value": "MS PMincho"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\MS PMincho"
              }
            ],
            "repeated": 0,
            "id": 517
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "56"
              },
              {
                "name": "ValueName",
                "value": "Batang"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Batang"
              }
            ],
            "repeated": 0,
            "id": 518
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "57"
              },
              {
                "name": "ValueName",
                "value": "BatangChe"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\BatangChe"
              }
            ],
            "repeated": 0,
            "id": 519
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "58"
              },
              {
                "name": "ValueName",
                "value": "Dotum"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Dotum"
              }
            ],
            "repeated": 0,
            "id": 520
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "59"
              },
              {
                "name": "ValueName",
                "value": "DotumChe"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\DotumChe"
              }
            ],
            "repeated": 0,
            "id": 521
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "60"
              },
              {
                "name": "ValueName",
                "value": "Gulim"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Gulim"
              }
            ],
            "repeated": 0,
            "id": 522
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "61"
              },
              {
                "name": "ValueName",
                "value": "GulimChe"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\GulimChe"
              }
            ],
            "repeated": 0,
            "id": 523
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "62"
              },
              {
                "name": "ValueName",
                "value": "Gungsuh"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Gungsuh"
              }
            ],
            "repeated": 0,
            "id": 524
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "63"
              },
              {
                "name": "ValueName",
                "value": "GungsuhChe"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\GungsuhChe"
              }
            ],
            "repeated": 0,
            "id": 525
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "64"
              },
              {
                "name": "ValueName",
                "value": "Malgun Gothic"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Malgun Gothic"
              }
            ],
            "repeated": 0,
            "id": 526
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "65"
              },
              {
                "name": "ValueName",
                "value": "Malgun Gothic Bold"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Malgun Gothic Bold"
              }
            ],
            "repeated": 0,
            "id": 527
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "66"
              },
              {
                "name": "ValueName",
                "value": "Malgun Gothic Semilight"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Malgun Gothic Semilight"
              }
            ],
            "repeated": 0,
            "id": 528
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "Index",
                "value": "67"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "0",
                "pretty_value": "REG_NONE"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\"
              }
            ],
            "repeated": 0,
            "id": 529
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 530
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d941000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 531
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000c09",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000c09"
              },
              {
                "name": "LanguageName",
                "value": "English (Australia)"
              }
            ],
            "repeated": 0,
            "id": 532
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0"
              },
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0"
              }
            ],
            "repeated": 0,
            "id": 533
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "ValueName",
                "value": "Disable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0\\Disable"
              }
            ],
            "repeated": 0,
            "id": 534
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              },
              {
                "name": "ValueName",
                "value": "DataFilePath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\Fonts\\staticcache.dat"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0\\DataFilePath"
              }
            ],
            "repeated": 0,
            "id": 535
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 536
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000308"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\staticcache.dat"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 537
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000308"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\StaticCache.dat"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00&\\x01\\x00\\x00\\x00\\x00\\x00\\x00&\\x01\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 538
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000308"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\StaticCache.dat"
              },
              {
                "name": "Buffer",
                "value": "\\x1a\\x83W\\xa5\\x02\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00$\\x01\\x00\\x00$)\\x00\\x00\\x00\\x00\\x02\\x00\\xbe\\x02\\x00\\x00<\\x00\\x00\\x00$!\\x00\\x00L)\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00"
              },
              {
                "name": "Length",
                "value": "60"
              }
            ],
            "repeated": 0,
            "id": 539
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000030c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000308"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\StaticCache.dat"
              }
            ],
            "repeated": 0,
            "id": 540
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000030c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x267915b0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed18d9c7c0"
              },
              {
                "name": "ViewSize",
                "value": "0x01260000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 541
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d948000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 542
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d93f000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001d000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 543
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d93f000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001d000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 544
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d153410"
              }
            ],
            "repeated": 0,
            "id": 545
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:14276:304:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 546
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 547
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 548
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000314"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 549
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 550
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000318"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 551
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000318"
              }
            ],
            "repeated": 0,
            "id": 552
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000314"
              }
            ],
            "repeated": 0,
            "id": 553
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              }
            ],
            "repeated": 0,
            "id": 554
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              }
            ],
            "repeated": 0,
            "id": 555
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 556
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "TextShaping.dll"
              }
            ],
            "repeated": 0,
            "id": 557
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\TextShaping.dll"
              }
            ],
            "repeated": 0,
            "id": 558
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000310"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\TextShaping.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 559
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000314"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000310"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\TextShaping.dll"
              }
            ],
            "repeated": 0,
            "id": 560
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000314"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1c2e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x000ac000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 561
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1c32f000"
              },
              {
                "name": "ModuleName",
                "value": "TextShaping.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 562
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1c32f000"
              },
              {
                "name": "ModuleName",
                "value": "TextShaping.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 563
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1c32f000"
              },
              {
                "name": "ModuleName",
                "value": "TextShaping.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 564
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1c32f000"
              },
              {
                "name": "ModuleName",
                "value": "TextShaping.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 565
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1c32f000"
              },
              {
                "name": "ModuleName",
                "value": "TextShaping.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 566
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000314"
              }
            ],
            "repeated": 0,
            "id": 567
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              }
            ],
            "repeated": 0,
            "id": 568
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1c32f000"
              },
              {
                "name": "ModuleName",
                "value": "TextShaping.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 569
          },
          {
            "timestamp": "2026-05-28 21:44:00,494",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\TextShaping"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc1c2e0000"
              }
            ],
            "repeated": 0,
            "id": 570
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678f357000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 571
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\TextShaping"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1c2e0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffc1c32a790"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 572
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2a975000"
              },
              {
                "name": "ModuleName",
                "value": "gdi32full.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 573
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2a975000"
              },
              {
                "name": "ModuleName",
                "value": "gdi32full.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 574
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback"
              },
              {
                "name": "Handle",
                "value": "0x00000310"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback"
              }
            ],
            "repeated": 0,
            "id": 575
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegQueryValueExA",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              },
              {
                "name": "ValueName",
                "value": "Plane1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane1"
              }
            ],
            "repeated": 0,
            "id": 576
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegQueryValueExA",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              },
              {
                "name": "ValueName",
                "value": "Plane2"
              },
              {
                "name": "Data",
                "value": "SimSun-ExtB"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane2"
              }
            ],
            "repeated": 0,
            "id": 577
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegQueryValueExA",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              },
              {
                "name": "ValueName",
                "value": "Plane3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane3"
              }
            ],
            "repeated": 0,
            "id": 578
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegQueryValueExA",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              },
              {
                "name": "ValueName",
                "value": "Plane4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane4"
              }
            ],
            "repeated": 0,
            "id": 579
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegQueryValueExA",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              },
              {
                "name": "ValueName",
                "value": "Plane5"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane5"
              }
            ],
            "repeated": 0,
            "id": 580
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegQueryValueExA",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              },
              {
                "name": "ValueName",
                "value": "Plane6"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane6"
              }
            ],
            "repeated": 0,
            "id": 581
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegQueryValueExA",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              },
              {
                "name": "ValueName",
                "value": "Plane7"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane7"
              }
            ],
            "repeated": 0,
            "id": 582
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegQueryValueExA",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              },
              {
                "name": "ValueName",
                "value": "Plane8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane8"
              }
            ],
            "repeated": 0,
            "id": 583
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegQueryValueExA",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              },
              {
                "name": "ValueName",
                "value": "Plane9"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane9"
              }
            ],
            "repeated": 0,
            "id": 584
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegQueryValueExA",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              },
              {
                "name": "ValueName",
                "value": "Plane10"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane10"
              }
            ],
            "repeated": 0,
            "id": 585
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegQueryValueExA",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              },
              {
                "name": "ValueName",
                "value": "Plane11"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane11"
              }
            ],
            "repeated": 0,
            "id": 586
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegQueryValueExA",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              },
              {
                "name": "ValueName",
                "value": "Plane12"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane12"
              }
            ],
            "repeated": 0,
            "id": 587
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegQueryValueExA",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              },
              {
                "name": "ValueName",
                "value": "Plane13"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane13"
              }
            ],
            "repeated": 0,
            "id": 588
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegQueryValueExA",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              },
              {
                "name": "ValueName",
                "value": "Plane14"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane14"
              }
            ],
            "repeated": 0,
            "id": 589
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegQueryValueExA",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              },
              {
                "name": "ValueName",
                "value": "Plane15"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane15"
              }
            ],
            "repeated": 0,
            "id": 590
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegQueryValueExA",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              },
              {
                "name": "ValueName",
                "value": "Plane16"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane16"
              }
            ],
            "repeated": 0,
            "id": 591
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              }
            ],
            "repeated": 0,
            "id": 592
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback"
              },
              {
                "name": "Handle",
                "value": "0x00000310"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback"
              }
            ],
            "repeated": 0,
            "id": 593
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000310"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "4"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "13"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 594
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "MingLiU"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\MingLiU"
              }
            ],
            "repeated": 0,
            "id": 595
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": "MingLiU_HKSCS"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\MingLiU_HKSCS"
              }
            ],
            "repeated": 0,
            "id": 596
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "Name",
                "value": "PMingLiU"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\PMingLiU"
              }
            ],
            "repeated": 0,
            "id": 597
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              },
              {
                "name": "Index",
                "value": "3"
              },
              {
                "name": "Name",
                "value": "SimSun"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\SimSun"
              }
            ],
            "repeated": 0,
            "id": 598
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000310"
              },
              {
                "name": "SubKey",
                "value": "Segoe UI"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Segoe UI"
              }
            ],
            "repeated": 0,
            "id": 599
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              }
            ],
            "repeated": 0,
            "id": 600
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04e53",
            "parentcaller": "0x7ff729a04ad8",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f462018",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#14"
              },
              {
                "name": "Name",
                "value": "#30651"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 601
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04e53",
            "parentcaller": "0x7ff729a04ad8",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f483e08",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f462018"
              }
            ],
            "repeated": 0,
            "id": 602
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04e53",
            "parentcaller": "0x7ff729a04ad8",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f461a98",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#3"
              },
              {
                "name": "Name",
                "value": "#19"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 603
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04e53",
            "parentcaller": "0x7ff729a04ad8",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f4818b8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f461a98"
              }
            ],
            "repeated": 0,
            "id": 604
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04e53",
            "parentcaller": "0x7ff729a04ad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2cb78000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 605
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04e53",
            "parentcaller": "0x7ff729a04ad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2cb78000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 606
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04e53",
            "parentcaller": "0x7ff729a04ad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2cb78000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 607
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04e53",
            "parentcaller": "0x7ff729a04ad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2cb78000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 608
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04e53",
            "parentcaller": "0x7ff729a04ad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2cb78000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 609
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04e53",
            "parentcaller": "0x7ff729a04ad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2cb78000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 610
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04e73",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\system32\\taskmgr.exe"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff7299e0000"
              }
            ],
            "repeated": 0,
            "id": 611
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04e73",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f462018",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#14"
              },
              {
                "name": "Name",
                "value": "#30651"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 612
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04e73",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f483e08",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f462018"
              }
            ],
            "repeated": 0,
            "id": 613
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04e73",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f461ac8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#3"
              },
              {
                "name": "Name",
                "value": "#22"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 614
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04e73",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f4839a0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f461ac8"
              }
            ],
            "repeated": 0,
            "id": 615
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04afd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26790db6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 616
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2cb79000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 617
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2cb79000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 618
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              }
            ],
            "repeated": 0,
            "id": 619
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d14cbd0"
              }
            ],
            "repeated": 0,
            "id": 620
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04ccf",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d18fc40"
              }
            ],
            "repeated": 0,
            "id": 621
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04090409",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 622
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              }
            ],
            "repeated": 0,
            "id": 623
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000320"
              }
            ],
            "repeated": 0,
            "id": 624
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\CTF\\Compatibility\\taskmgr.exe"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\Compatibility\\taskmgr.exe"
              }
            ],
            "repeated": 0,
            "id": 625
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2ce49000"
              },
              {
                "name": "ModuleName",
                "value": "IMM32.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 626
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2ce49000"
              },
              {
                "name": "ModuleName",
                "value": "IMM32.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 627
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2ce49000"
              },
              {
                "name": "ModuleName",
                "value": "IMM32.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 628
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2ce49000"
              },
              {
                "name": "ModuleName",
                "value": "IMM32.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 629
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000320"
              }
            ],
            "repeated": 0,
            "id": 630
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              }
            ],
            "repeated": 0,
            "id": 631
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "misc",
            "api": "ChangeWindowMessageFilter",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "message",
                "value": "49238"
              },
              {
                "name": "dwFlag",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 632
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "misc",
            "api": "ChangeWindowMessageFilter",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "message",
                "value": "49239"
              },
              {
                "name": "dwFlag",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 633
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              }
            ],
            "repeated": 0,
            "id": 634
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000320"
              }
            ],
            "repeated": 1,
            "id": 635
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              }
            ],
            "repeated": 0,
            "id": 636
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "synchronization",
            "api": "NtOpenMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "MutexName",
                "value": "Local\\MSCTF.Asm.MutexDefault1"
              }
            ],
            "repeated": 0,
            "id": 637
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 638
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "Milliseconds",
                "value": "2000"
              }
            ],
            "repeated": 0,
            "id": 639
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000320"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Local\\CTF.AsmListCache.FMPDefault1"
              }
            ],
            "repeated": 0,
            "id": 640
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000320"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678f340000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed18d9e200"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 641
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678f340000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 642
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000320"
              }
            ],
            "repeated": 0,
            "id": 643
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              }
            ],
            "repeated": 0,
            "id": 644
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              }
            ],
            "repeated": 0,
            "id": 645
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\CTF\\Compatibility\\taskmgr.exe"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\Compatibility\\taskmgr.exe"
              }
            ],
            "repeated": 0,
            "id": 646
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04090409",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 1,
            "id": 647
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "misc",
            "api": "GetSystemMetrics",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemMetricIndex",
                "value": "8192"
              }
            ],
            "repeated": 0,
            "id": 648
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "synchronization",
            "api": "NtOpenMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "MutexName",
                "value": "CicLoadWinStaWinSta0"
              }
            ],
            "repeated": 0,
            "id": 649
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              }
            ],
            "repeated": 0,
            "id": 650
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "synchronization",
            "api": "NtOpenMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "MutexName",
                "value": "Local\\MSCTF.CtfMonitorInstMutexDefault1"
              }
            ],
            "repeated": 0,
            "id": 651
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              }
            ],
            "repeated": 0,
            "id": 652
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 653
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 654
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000314"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE"
              }
            ],
            "repeated": 0,
            "id": 655
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000314"
              },
              {
                "name": "ValueName",
                "value": "LaunchUserOOBE"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE\\LaunchUserOOBE"
              }
            ],
            "repeated": 0,
            "id": 656
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000314"
              }
            ],
            "repeated": 0,
            "id": 657
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b390000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 658
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b390000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 659
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 660
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              }
            ],
            "repeated": 0,
            "id": 661
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d0f93b0"
              }
            ],
            "repeated": 0,
            "id": 662
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d18fc40"
              }
            ],
            "repeated": 0,
            "id": 663
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d132460"
              }
            ],
            "repeated": 0,
            "id": 664
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d16fa30"
              }
            ],
            "repeated": 0,
            "id": 665
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d14cbd0"
              }
            ],
            "repeated": 0,
            "id": 666
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d153410"
              }
            ],
            "repeated": 0,
            "id": 667
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:14276:304:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 668
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 669
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 670
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000320"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 671
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 672
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000324"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 673
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000324"
              }
            ],
            "repeated": 0,
            "id": 674
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000320"
              }
            ],
            "repeated": 0,
            "id": 675
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              }
            ],
            "repeated": 0,
            "id": 676
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              }
            ],
            "repeated": 0,
            "id": 677
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 678
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "textinputframework.dll"
              }
            ],
            "repeated": 0,
            "id": 679
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\textinputframework.dll"
              }
            ],
            "repeated": 0,
            "id": 680
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000320"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\textinputframework.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 681
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000324"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000320"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\TextInputFramework.dll"
              }
            ],
            "repeated": 0,
            "id": 682
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000324"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1fa90000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x000f9000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 683
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1fb84000"
              },
              {
                "name": "ModuleName",
                "value": "textinputframework.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 684
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1fb4a000"
              },
              {
                "name": "ModuleName",
                "value": "textinputframework.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 685
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1fb4a000"
              },
              {
                "name": "ModuleName",
                "value": "textinputframework.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 686
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1fb4a000"
              },
              {
                "name": "ModuleName",
                "value": "textinputframework.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 687
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1fb4a000"
              },
              {
                "name": "ModuleName",
                "value": "textinputframework.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 688
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1fb4a000"
              },
              {
                "name": "ModuleName",
                "value": "textinputframework.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 689
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "CoreUIComponents.dll"
              }
            ],
            "repeated": 0,
            "id": 690
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "CoreMessaging.dll"
              }
            ],
            "repeated": 0,
            "id": 691
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000324"
              }
            ],
            "repeated": 0,
            "id": 692
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000320"
              }
            ],
            "repeated": 0,
            "id": 693
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\CoreUIComponents.dll"
              }
            ],
            "repeated": 0,
            "id": 694
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000320"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\CoreUIComponents.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 695
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000324"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000320"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\CoreUIComponents.dll"
              }
            ],
            "repeated": 0,
            "id": 696
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000324"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27980000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0035b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 697
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27c8c000"
              },
              {
                "name": "ModuleName",
                "value": "CoreUIComponents.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 698
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27b38000"
              },
              {
                "name": "ModuleName",
                "value": "CoreUIComponents.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 699
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27b38000"
              },
              {
                "name": "ModuleName",
                "value": "CoreUIComponents.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 700
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27b38000"
              },
              {
                "name": "ModuleName",
                "value": "CoreUIComponents.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 701
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27b38000"
              },
              {
                "name": "ModuleName",
                "value": "CoreUIComponents.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 702
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27b38000"
              },
              {
                "name": "ModuleName",
                "value": "CoreUIComponents.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 703
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "ntmarta.dll"
              }
            ],
            "repeated": 0,
            "id": 704
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "CoreMessaging.dll"
              }
            ],
            "repeated": 0,
            "id": 705
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "wintypes.dll"
              }
            ],
            "repeated": 2,
            "id": 706
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000324"
              }
            ],
            "repeated": 0,
            "id": 707
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000320"
              }
            ],
            "repeated": 0,
            "id": 708
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\CoreMessaging.dll"
              }
            ],
            "repeated": 0,
            "id": 709
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000320"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\CoreMessaging.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 710
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000324"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000320"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\CoreMessaging.dll"
              }
            ],
            "repeated": 0,
            "id": 711
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000324"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27dc0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x000f2000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 712
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27ea0000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 713
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27e56000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 714
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27e56000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 715
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27e56000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 716
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27e56000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 717
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27e56000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 718
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000324"
              }
            ],
            "repeated": 0,
            "id": 719
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000320"
              }
            ],
            "repeated": 0,
            "id": 720
          },
          {
            "timestamp": "2026-05-28 21:44:00,744",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\ntmarta.dll"
              }
            ],
            "repeated": 0,
            "id": 721
          },
          {
            "timestamp": "2026-05-28 21:44:00,760",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000320"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\ntmarta.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 722
          },
          {
            "timestamp": "2026-05-28 21:44:00,760",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000032c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000320"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\ntmarta.dll"
              }
            ],
            "repeated": 0,
            "id": 723
          },
          {
            "timestamp": "2026-05-28 21:44:00,760",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000032c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc298f0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00033000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 724
          },
          {
            "timestamp": "2026-05-28 21:44:00,760",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29920000"
              },
              {
                "name": "ModuleName",
                "value": "ntmarta.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 725
          },
          {
            "timestamp": "2026-05-28 21:44:00,760",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29914000"
              },
              {
                "name": "ModuleName",
                "value": "ntmarta.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 726
          },
          {
            "timestamp": "2026-05-28 21:44:00,760",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29914000"
              },
              {
                "name": "ModuleName",
                "value": "ntmarta.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 727
          },
          {
            "timestamp": "2026-05-28 21:44:00,760",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29914000"
              },
              {
                "name": "ModuleName",
                "value": "ntmarta.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 728
          },
          {
            "timestamp": "2026-05-28 21:44:00,760",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29914000"
              },
              {
                "name": "ModuleName",
                "value": "ntmarta.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 729
          },
          {
            "timestamp": "2026-05-28 21:44:00,760",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29914000"
              },
              {
                "name": "ModuleName",
                "value": "ntmarta.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 730
          },
          {
            "timestamp": "2026-05-28 21:44:00,760",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              }
            ],
            "repeated": 0,
            "id": 731
          },
          {
            "timestamp": "2026-05-28 21:44:00,760",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000320"
              }
            ],
            "repeated": 0,
            "id": 732
          },
          {
            "timestamp": "2026-05-28 21:44:00,760",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\CoreMessaging.dll"
              }
            ],
            "repeated": 0,
            "id": 733
          },
          {
            "timestamp": "2026-05-28 21:44:00,760",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\WinTypes.dll"
              }
            ],
            "repeated": 0,
            "id": 734
          },
          {
            "timestamp": "2026-05-28 21:44:00,760",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000320"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\WinTypes.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 735
          },
          {
            "timestamp": "2026-05-28 21:44:00,760",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000032c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000320"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\WinTypes.dll"
              }
            ],
            "repeated": 0,
            "id": 736
          },
          {
            "timestamp": "2026-05-28 21:44:00,760",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000032c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc26fe0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00155000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 737
          },
          {
            "timestamp": "2026-05-28 21:44:00,760",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2711d000"
              },
              {
                "name": "ModuleName",
                "value": "wintypes.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 738
          },
          {
            "timestamp": "2026-05-28 21:44:00,760",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc270d6000"
              },
              {
                "name": "ModuleName",
                "value": "wintypes.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 739
          },
          {
            "timestamp": "2026-05-28 21:44:00,760",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc270d6000"
              },
              {
                "name": "ModuleName",
                "value": "wintypes.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 740
          },
          {
            "timestamp": "2026-05-28 21:44:00,760",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc270d6000"
              },
              {
                "name": "ModuleName",
                "value": "wintypes.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 741
          },
          {
            "timestamp": "2026-05-28 21:44:00,760",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc270d6000"
              },
              {
                "name": "ModuleName",
                "value": "wintypes.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 742
          },
          {
            "timestamp": "2026-05-28 21:44:00,760",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc270d5000"
              },
              {
                "name": "ModuleName",
                "value": "wintypes.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 743
          },
          {
            "timestamp": "2026-05-28 21:44:00,760",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              }
            ],
            "repeated": 0,
            "id": 744
          },
          {
            "timestamp": "2026-05-28 21:44:00,760",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000320"
              }
            ],
            "repeated": 0,
            "id": 745
          },
          {
            "timestamp": "2026-05-28 21:44:00,760",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\WinTypes.dll"
              }
            ],
            "repeated": 1,
            "id": 746
          },
          {
            "timestamp": "2026-05-28 21:44:00,760",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1fb4a000"
              },
              {
                "name": "ModuleName",
                "value": "textinputframework.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 747
          },
          {
            "timestamp": "2026-05-28 21:44:00,760",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27e56000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 748
          },
          {
            "timestamp": "2026-05-28 21:44:00,760",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29914000"
              },
              {
                "name": "ModuleName",
                "value": "ntmarta.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 749
          },
          {
            "timestamp": "2026-05-28 21:44:00,760",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc270d5000"
              },
              {
                "name": "ModuleName",
                "value": "wintypes.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 750
          },
          {
            "timestamp": "2026-05-28 21:44:00,760",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27b38000"
              },
              {
                "name": "ModuleName",
                "value": "CoreUIComponents.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 751
          },
          {
            "timestamp": "2026-05-28 21:44:00,760",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "35"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 752
          },
          {
            "timestamp": "2026-05-28 21:44:00,775",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\ntmarta"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc298f0000"
              }
            ],
            "repeated": 0,
            "id": 753
          },
          {
            "timestamp": "2026-05-28 21:44:01,025",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\CoreMessaging"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc27dc0000"
              }
            ],
            "repeated": 0,
            "id": 754
          },
          {
            "timestamp": "2026-05-28 21:44:01,291",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\wintypes"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc26fe0000"
              }
            ],
            "repeated": 0,
            "id": 755
          },
          {
            "timestamp": "2026-05-28 21:44:01,447",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\CoreUIComponents"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc27980000"
              }
            ],
            "repeated": 0,
            "id": 756
          },
          {
            "timestamp": "2026-05-28 21:44:01,666",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\textinputframework"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc1fa90000"
              }
            ],
            "repeated": 0,
            "id": 757
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\ntmarta"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc298f0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffc298f6930"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 758
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\CoreMessaging"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27dc0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffc27e170e0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 759
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\WinTypes"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc26fe0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffc2700ad60"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 760
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\CoreUIComponents"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27980000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffc27a02fe0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 761
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678f358000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 762
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\TextInputFramework"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1fa90000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffc1face8e0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 763
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b390000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 764
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b390000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 765
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000008c"
              },
              {
                "name": "ValueName",
                "value": "000603xx"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "kernel32.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions\\000603xx"
              }
            ],
            "repeated": 0,
            "id": 766
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2cff0000"
              }
            ],
            "repeated": 0,
            "id": 767
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc2cff0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "kernel32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 768
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2cff0000"
              },
              {
                "name": "FunctionName",
                "value": "SortGetHandle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2cffa190"
              }
            ],
            "repeated": 0,
            "id": 769
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2cff0000"
              },
              {
                "name": "FunctionName",
                "value": "SortCloseHandle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d010170"
              }
            ],
            "repeated": 0,
            "id": 770
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000035c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Globalization\\Sorting\\sortdefault.nls"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 771
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000360"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x0000035c"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls"
              }
            ],
            "repeated": 0,
            "id": 772
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000360"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26792810000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed18d9dbe0"
              },
              {
                "name": "ViewSize",
                "value": "0x00338000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 773
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000360"
              }
            ],
            "repeated": 0,
            "id": 774
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000035c"
              }
            ],
            "repeated": 0,
            "id": 775
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000035c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids"
              }
            ],
            "repeated": 0,
            "id": 776
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\CTF\\Compatibility\\AppCompatClassName"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\Compatibility\\AppCompatClassName"
              }
            ],
            "repeated": 0,
            "id": 777
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2cb38000"
              },
              {
                "name": "ModuleName",
                "value": "OLEAUT32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 778
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2cb38000"
              },
              {
                "name": "ModuleName",
                "value": "OLEAUT32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 779
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000001"
              },
              {
                "name": "EventName",
                "value": "Local\\1ImmersiveFocusTrackingActiveEvent"
              }
            ],
            "repeated": 0,
            "id": 780
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26792b50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00100000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 781
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26792b50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 782
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04090409",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 783
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b390000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 784
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b390000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 785
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678f359000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 786
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\CTF\\"
              },
              {
                "name": "Handle",
                "value": "0x00000360"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\"
              }
            ],
            "repeated": 0,
            "id": 787
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000360"
              },
              {
                "name": "ValueName",
                "value": "EnableAnchorContext"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\EnableAnchorContext"
              }
            ],
            "repeated": 0,
            "id": 788
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000360"
              }
            ],
            "repeated": 0,
            "id": 789
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 790
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26792c50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00800000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 791
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 792
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "58"
              }
            ],
            "repeated": 0,
            "id": 793
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000036c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 794
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "GetSystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 795
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000398"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 796
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c7c0000"
              }
            ],
            "repeated": 0,
            "id": 797
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27ea0000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 798
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2c7c0000"
              }
            ],
            "repeated": 0,
            "id": 799
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc2c7c0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 800
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c7c0000"
              },
              {
                "name": "FunctionName",
                "value": "IsGUIThread"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2c7e8050"
              }
            ],
            "repeated": 0,
            "id": 801
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27ea0000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 802
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              }
            ],
            "repeated": 0,
            "id": 803
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d0f93b0"
              }
            ],
            "repeated": 0,
            "id": 804
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d18fc40"
              }
            ],
            "repeated": 0,
            "id": 805
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d132460"
              }
            ],
            "repeated": 0,
            "id": 806
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d16fa30"
              }
            ],
            "repeated": 0,
            "id": 807
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d14cbd0"
              }
            ],
            "repeated": 0,
            "id": 808
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d153410"
              }
            ],
            "repeated": 0,
            "id": 809
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a0"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:14276:304:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 810
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 811
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 812
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 813
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 814
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 815
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              }
            ],
            "repeated": 0,
            "id": 816
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a4"
              }
            ],
            "repeated": 0,
            "id": 817
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a0"
              }
            ],
            "repeated": 0,
            "id": 818
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a0"
              }
            ],
            "repeated": 0,
            "id": 819
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27ea0000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 820
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c7c0000"
              },
              {
                "name": "FunctionName",
                "value": "RegisterClassExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2c7c72c0"
              }
            ],
            "repeated": 0,
            "id": 821
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27ea0000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 822
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27ea0000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 823
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c7c0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateWindowExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2c7c7720"
              }
            ],
            "repeated": 0,
            "id": 824
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27ea0000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 825
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27ea0000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 826
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c7c0000"
              },
              {
                "name": "FunctionName",
                "value": "DefWindowProcW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d18ccb0"
              }
            ],
            "repeated": 0,
            "id": 827
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27ea0000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 828
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27ea0000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 829
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c7c0000"
              },
              {
                "name": "FunctionName",
                "value": "SetWindowLongPtrW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2c7cb7c0"
              }
            ],
            "repeated": 0,
            "id": 830
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27ea0000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 831
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "user32"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2c7c0000"
              }
            ],
            "repeated": 0,
            "id": 832
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27ea0000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 833
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c7c0000"
              },
              {
                "name": "FunctionName",
                "value": "SetTimer"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2c7e3c70"
              }
            ],
            "repeated": 0,
            "id": 834
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27ea0000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 835
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27ea0000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 836
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2c7c0000"
              }
            ],
            "repeated": 0,
            "id": 837
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc2c7c0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 838
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c7c0000"
              },
              {
                "name": "FunctionName",
                "value": ""
              },
              {
                "name": "Ordinal",
                "value": "2612"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2c7ebab0"
              }
            ],
            "repeated": 0,
            "id": 839
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27ea0000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 840
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27ea0000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 841
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c7c0000"
              },
              {
                "name": "FunctionName",
                "value": "GetWindowLongPtrW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2c7cf830"
              }
            ],
            "repeated": 0,
            "id": 842
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27ea0000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 843
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27ea0000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 844
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c7c0000"
              },
              {
                "name": "FunctionName",
                "value": "GetWindowThreadProcessId"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2c7c3500"
              }
            ],
            "repeated": 0,
            "id": 845
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27ea0000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 846
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27ea0000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 847
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c7c0000"
              },
              {
                "name": "FunctionName",
                "value": "SendMessageCallbackW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2c7e7e20"
              }
            ],
            "repeated": 0,
            "id": 848
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27ea0000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 849
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793450000"
              },
              {
                "name": "RegionSize",
                "value": "0x00100000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 850
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793450000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 851
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000360"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 852
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27ea0000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 853
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-com-l1-1-0.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b400000"
              }
            ],
            "repeated": 0,
            "id": 854
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc2b400000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-core-com-l1-1-0.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 855
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2b400000"
              },
              {
                "name": "FunctionName",
                "value": "CoCreateGuid"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2b4537e0"
              }
            ],
            "repeated": 0,
            "id": 856
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27ea0000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 857
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 858
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26792c50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 859
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27ea0000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 860
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c7c0000"
              },
              {
                "name": "FunctionName",
                "value": ""
              },
              {
                "name": "Ordinal",
                "value": "2582"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2c7e70e0"
              }
            ],
            "repeated": 0,
            "id": 861
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27ea0000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 862
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793452000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 863
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 864
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "misc",
            "api": "srand",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "seed",
                "value": "0x6a18b721"
              }
            ],
            "repeated": 0,
            "id": 865
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 866
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              }
            ],
            "repeated": 0,
            "id": 867
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d0f93b0"
              }
            ],
            "repeated": 0,
            "id": 868
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d18fc40"
              }
            ],
            "repeated": 0,
            "id": 869
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d132460"
              }
            ],
            "repeated": 0,
            "id": 870
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d16fa30"
              }
            ],
            "repeated": 0,
            "id": 871
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d14cbd0"
              }
            ],
            "repeated": 0,
            "id": 872
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d153410"
              }
            ],
            "repeated": 0,
            "id": 873
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b0"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:14276:304:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 874
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 875
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 876
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 877
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 878
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b8"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 879
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b8"
              }
            ],
            "repeated": 0,
            "id": 880
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              }
            ],
            "repeated": 0,
            "id": 881
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b0"
              }
            ],
            "repeated": 0,
            "id": 882
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b0"
              }
            ],
            "repeated": 0,
            "id": 883
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
              },
              {
                "name": "Handle",
                "value": "0x000003b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
              }
            ],
            "repeated": 0,
            "id": 884
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              },
              {
                "name": "ValueName",
                "value": "IsVailContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\IsVailContainer"
              }
            ],
            "repeated": 0,
            "id": 885
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              }
            ],
            "repeated": 0,
            "id": 886
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Input"
              },
              {
                "name": "Handle",
                "value": "0x000003b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Input"
              }
            ],
            "repeated": 0,
            "id": 887
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              },
              {
                "name": "ValueName",
                "value": "ResyncResetTime"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Input\\ResyncResetTime"
              }
            ],
            "repeated": 0,
            "id": 888
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              },
              {
                "name": "ValueName",
                "value": "MaxResyncAttempts"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Input\\MaxResyncAttempts"
              }
            ],
            "repeated": 0,
            "id": 889
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              }
            ],
            "repeated": 0,
            "id": 890
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1fb84000"
              },
              {
                "name": "ModuleName",
                "value": "textinputframework.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 891
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1fb84000"
              },
              {
                "name": "ModuleName",
                "value": "textinputframework.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 892
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678f261000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 893
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1fb84000"
              },
              {
                "name": "ModuleName",
                "value": "textinputframework.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 894
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1fb84000"
              },
              {
                "name": "ModuleName",
                "value": "textinputframework.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 895
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1fb84000"
              },
              {
                "name": "ModuleName",
                "value": "textinputframework.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 896
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1fb84000"
              },
              {
                "name": "ModuleName",
                "value": "textinputframework.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 897
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1fb84000"
              },
              {
                "name": "ModuleName",
                "value": "textinputframework.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 898
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1fb84000"
              },
              {
                "name": "ModuleName",
                "value": "textinputframework.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 899
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b390000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 900
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b390000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 901
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "iertutil.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x4031c471a94c5fd2"
              }
            ],
            "repeated": 0,
            "id": 902
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0xed18d9ef90"
              },
              {
                "name": "EventName",
                "value": "Local\\1ImmersiveFocusTrackingActiveEvent"
              }
            ],
            "repeated": 0,
            "id": 903
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04090409",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 1,
            "id": 904
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04afd",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "USER32"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c7c0000"
              }
            ],
            "repeated": 0,
            "id": 905
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04afd",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ffc2c7c0000"
              },
              {
                "name": "Type",
                "value": "#14"
              },
              {
                "name": "Name",
                "value": "#32512"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 906
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04ccf",
            "parentcaller": "0x7ff729a04afd",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ffc2c7c0000"
              },
              {
                "name": "Type",
                "value": "#22"
              },
              {
                "name": "Name",
                "value": "#32512"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 907
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\msctf.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b280000"
              }
            ],
            "repeated": 0,
            "id": 908
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc2b280000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\MSCTF.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 909
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a04afd",
            "parentcaller": "0x7ff729a06ebc",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04090409",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 910
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a0640d",
            "parentcaller": "0x7ff729a0528d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b252000"
              },
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 911
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a0640d",
            "parentcaller": "0x7ff729a0528d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b252000"
              },
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 912
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a0640d",
            "parentcaller": "0x7ff729a0528d",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              }
            ],
            "repeated": 0,
            "id": 913
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a0640d",
            "parentcaller": "0x7ff729a0528d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "NtQuerySystemInformation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d18d690"
              }
            ],
            "repeated": 0,
            "id": 914
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a0640d",
            "parentcaller": "0x7ff729a0528d",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "134"
              }
            ],
            "repeated": 0,
            "id": 915
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              }
            ],
            "repeated": 0,
            "id": 916
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d0f93b0"
              }
            ],
            "repeated": 0,
            "id": 917
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d18fc40"
              }
            ],
            "repeated": 0,
            "id": 918
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d132460"
              }
            ],
            "repeated": 0,
            "id": 919
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d16fa30"
              }
            ],
            "repeated": 0,
            "id": 920
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d14cbd0"
              }
            ],
            "repeated": 0,
            "id": 921
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d153410"
              }
            ],
            "repeated": 0,
            "id": 922
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:14276:304:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 923
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 924
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 925
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b8"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 926
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 927
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003bc"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 928
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003bc"
              }
            ],
            "repeated": 0,
            "id": 929
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b8"
              }
            ],
            "repeated": 0,
            "id": 930
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              }
            ],
            "repeated": 0,
            "id": 931
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              }
            ],
            "repeated": 0,
            "id": 932
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:14276:120:WilError_03"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 933
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 934
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 935
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b8"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 936
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 937
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003bc"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 938
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003bc"
              }
            ],
            "repeated": 0,
            "id": 939
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b8"
              }
            ],
            "repeated": 0,
            "id": 940
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              }
            ],
            "repeated": 0,
            "id": 941
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              }
            ],
            "repeated": 0,
            "id": 942
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b1f7000"
              },
              {
                "name": "ModuleName",
                "value": "SHCORE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 943
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b1f7000"
              },
              {
                "name": "ModuleName",
                "value": "SHCORE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 944
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\QfePolicyDefinitions\\{A48F1A32-A340-11D1-BC6B-00A0C90312E1}\\{572FD217-F7FF-479C-8D96-BC938D6867F5}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\QfePolicyDefinitions\\{A48F1A32-A340-11D1-BC6B-00A0C90312E1}\\{572FD217-F7FF-479C-8D96-BC938D6867F5}"
              }
            ],
            "repeated": 0,
            "id": 945
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 946
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "policymanager.dll"
              }
            ],
            "repeated": 0,
            "id": 947
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\policymanager.dll"
              }
            ],
            "repeated": 0,
            "id": 948
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\policymanager.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 949
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\policymanager.dll"
              }
            ],
            "repeated": 0,
            "id": 950
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc23b90000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x000a1000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 951
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc23c2e000"
              },
              {
                "name": "ModuleName",
                "value": "policymanager.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 952
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc23c08000"
              },
              {
                "name": "ModuleName",
                "value": "policymanager.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 953
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc23c08000"
              },
              {
                "name": "ModuleName",
                "value": "policymanager.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 954
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc23c08000"
              },
              {
                "name": "ModuleName",
                "value": "policymanager.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 955
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc23c08000"
              },
              {
                "name": "ModuleName",
                "value": "policymanager.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 956
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc23c08000"
              },
              {
                "name": "ModuleName",
                "value": "policymanager.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 957
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "msvcp110_win.dll"
              }
            ],
            "repeated": 0,
            "id": 958
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b8"
              }
            ],
            "repeated": 0,
            "id": 959
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              }
            ],
            "repeated": 0,
            "id": 960
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\msvcp110_win.dll"
              }
            ],
            "repeated": 0,
            "id": 961
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\msvcp110_win.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 962
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\msvcp110_win.dll"
              }
            ],
            "repeated": 0,
            "id": 963
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29860000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0008a000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 964
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc298ad000"
              },
              {
                "name": "ModuleName",
                "value": "msvcp110_win.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 965
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc298ad000"
              },
              {
                "name": "ModuleName",
                "value": "msvcp110_win.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 966
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc298ad000"
              },
              {
                "name": "ModuleName",
                "value": "msvcp110_win.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 967
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc298ad000"
              },
              {
                "name": "ModuleName",
                "value": "msvcp110_win.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 968
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc298ad000"
              },
              {
                "name": "ModuleName",
                "value": "msvcp110_win.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 969
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b8"
              }
            ],
            "repeated": 0,
            "id": 970
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              }
            ],
            "repeated": 0,
            "id": 971
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc23c08000"
              },
              {
                "name": "ModuleName",
                "value": "policymanager.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 972
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "35"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x11\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0T\\x8f\\x8dg\\x02\\x00\\x00\\x847\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0\\xaa\\x8e\\x8dg\\x02\\x00\\x00\\x8c6\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x12\\x8f\\x8dg\\x02\\x00\\x00\\xf06\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00`L\\x8e\\x8dg\\x02\\x00\\x00\\xf46\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00T\\x8e\\x8dg\\x02\\x00\\x00\\x986\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0\\xb7\\x91\\x8dg\\x02\\x00\\x00t4\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 973
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc298ad000"
              },
              {
                "name": "ModuleName",
                "value": "msvcp110_win.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 974
          },
          {
            "timestamp": "2026-05-28 21:44:01,869",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\msvcp110_win"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc29860000"
              }
            ],
            "repeated": 0,
            "id": 975
          },
          {
            "timestamp": "2026-05-28 21:44:02,088",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\policymanager"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc23b90000"
              }
            ],
            "repeated": 0,
            "id": 976
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793453000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 977
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\msvcp110_win"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29860000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffc298a5870"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 978
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\policymanager"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc23b90000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffc23b99ed0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 979
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b1f7000"
              },
              {
                "name": "ModuleName",
                "value": "SHCORE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 980
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b1f7000"
              },
              {
                "name": "ModuleName",
                "value": "SHCORE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 981
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc23c2e000"
              },
              {
                "name": "ModuleName",
                "value": "policymanager.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 982
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc23c2e000"
              },
              {
                "name": "ModuleName",
                "value": "policymanager.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 983
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching"
              },
              {
                "name": "Handle",
                "value": "0x000003bc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching"
              }
            ],
            "repeated": 0,
            "id": 984
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003bc"
              },
              {
                "name": "ValueName",
                "value": "PolicyType"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\PolicyType"
              }
            ],
            "repeated": 0,
            "id": 985
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003bc"
              },
              {
                "name": "ValueName",
                "value": "Behavior"
              },
              {
                "name": "Data",
                "value": "8225"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\Behavior"
              }
            ],
            "repeated": 0,
            "id": 986
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003bc"
              },
              {
                "name": "ValueName",
                "value": "MergeAlgorithm"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\MergeAlgorithm"
              }
            ],
            "repeated": 0,
            "id": 987
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003bc"
              },
              {
                "name": "ValueName",
                "value": "RegKeyPathRedirectMapped"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\RegKeyPathRedirectMapped"
              }
            ],
            "repeated": 0,
            "id": 988
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003bc"
              },
              {
                "name": "ValueName",
                "value": "RegKeyPathRedirect"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\RegKeyPathRedirect"
              }
            ],
            "repeated": 0,
            "id": 989
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc23c2e000"
              },
              {
                "name": "ModuleName",
                "value": "policymanager.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 990
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc23c2e000"
              },
              {
                "name": "ModuleName",
                "value": "policymanager.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 991
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003bc"
              },
              {
                "name": "ValueName",
                "value": "RegKeyPathRedirect"
              },
              {
                "name": "Data",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\RegKeyPathRedirect"
              }
            ],
            "repeated": 0,
            "id": 992
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003bc"
              },
              {
                "name": "ValueName",
                "value": "RegValueNameRedirect"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\RegValueNameRedirect"
              }
            ],
            "repeated": 0,
            "id": 993
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003bc"
              },
              {
                "name": "ValueName",
                "value": "RegValueNameRedirect"
              },
              {
                "name": "Data",
                "value": "HideFastUserSwitching"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\RegValueNameRedirect"
              }
            ],
            "repeated": 0,
            "id": 994
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003bc"
              },
              {
                "name": "ValueName",
                "value": "grouppolicyname"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\grouppolicyname"
              }
            ],
            "repeated": 0,
            "id": 995
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003bc"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\ADMXMetadataUser"
              }
            ],
            "repeated": 0,
            "id": 996
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003bc"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataDevice"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\ADMXMetadataDevice"
              }
            ],
            "repeated": 0,
            "id": 997
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003bc"
              },
              {
                "name": "ValueName",
                "value": "ADMXMetadataBoth"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\ADMXMetadataBoth"
              }
            ],
            "repeated": 0,
            "id": 998
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003bc"
              },
              {
                "name": "ValueName",
                "value": "30Value"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\30Value"
              }
            ],
            "repeated": 0,
            "id": 999
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003bc"
              },
              {
                "name": "ValueName",
                "value": "Value"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\Value"
              }
            ],
            "repeated": 0,
            "id": 1000
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003bc"
              }
            ],
            "repeated": 0,
            "id": 1001
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System"
              },
              {
                "name": "Handle",
                "value": "0x000003bc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System"
              }
            ],
            "repeated": 0,
            "id": 1002
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003bc"
              },
              {
                "name": "ValueName",
                "value": "HideFastUserSwitching"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\HideFastUserSwitching"
              }
            ],
            "repeated": 0,
            "id": 1003
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff729a06426",
            "parentcaller": "0x7ff729a0528d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003bc"
              }
            ],
            "repeated": 0,
            "id": 1004
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff729a062ef",
            "parentcaller": "0x7ff729a053fd",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\TaskManager"
              },
              {
                "name": "Handle",
                "value": "0x000003bc"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\TaskManager"
              }
            ],
            "repeated": 0,
            "id": 1005
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff729a062ef",
            "parentcaller": "0x7ff729a053fd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003bc"
              },
              {
                "name": "ValueName",
                "value": "StartUpTab"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\TaskManager\\StartUpTab"
              }
            ],
            "repeated": 0,
            "id": 1006
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff729a062ef",
            "parentcaller": "0x7ff729a053fd",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003bc"
              }
            ],
            "repeated": 0,
            "id": 1007
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff729a062ef",
            "parentcaller": "0x7ff729a053fd",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\TaskManager"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\TaskManager"
              }
            ],
            "repeated": 0,
            "id": 1008
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff7299e50d0",
            "parentcaller": "0x7ff7299e501f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "Comctl32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc171f0000"
              }
            ],
            "repeated": 0,
            "id": 1009
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff7299e50d0",
            "parentcaller": "0x7ff7299e501f",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc171f0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "Comctl32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1010
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff7299e50a7",
            "parentcaller": "0x7ff7299e501f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc171f0000"
              },
              {
                "name": "FunctionName",
                "value": "DPA_Create"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc1727e360"
              }
            ],
            "repeated": 0,
            "id": 1011
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff729a13417",
            "parentcaller": "0x7ff7299e1f6c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d95d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1012
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff729a13417",
            "parentcaller": "0x7ff7299e1fda",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d961000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1013
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff729a13417",
            "parentcaller": "0x7ff7299e2002",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d964000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1014
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff729a13417",
            "parentcaller": "0x7ff7299e2055",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d967000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1015
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff729a13417",
            "parentcaller": "0x7ff7299e2080",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d96a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1016
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a10d59",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff729b0c000"
              },
              {
                "name": "ModuleName",
                "value": "taskmgr.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1017
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a10d59",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff729b0c000"
              },
              {
                "name": "ModuleName",
                "value": "taskmgr.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1018
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a10de4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff729b0c000"
              },
              {
                "name": "ModuleName",
                "value": "taskmgr.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1019
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a10de4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff729b0c000"
              },
              {
                "name": "ModuleName",
                "value": "taskmgr.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1020
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff7299e35bf",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\MACHINE\\Software\\Microsoft\\WindowsRuntime"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\WindowsRuntime"
              }
            ],
            "repeated": 0,
            "id": 1021
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff7299e35bf",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ActivatableClassId"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId"
              }
            ],
            "repeated": 0,
            "id": 1022
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff7299e35bf",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Networking.UX.UXManager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.UX.UXManager"
              }
            ],
            "repeated": 0,
            "id": 1023
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff7299e35bf",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003dc"
              },
              {
                "name": "KeyInformation",
                "value": "7_\\xffea\\xffe6\\xfff8\\xffee\\xffdc\\x01\\x00\\x00\\x00\\x00>\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00N\\x00e\\x00t\\x00w\\x00o\\x00r\\x00k\\x00i\\x00n\\x00g\\x00.\\x00U\\x00X\\x00.\\x00U\\x00X\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff9d\\xffd0f\\x14\\xfffc\\x7f\\x00\\x00\\xffb8\\xffcff\\x14\\xfffc\\x7f\\x00\\x00@\\xff8c\\xff95\\xff8dg\\x02\\x00\\x00\\xfff8\\xff81f\\x14\\xfffc\\x7f\\x00\\x00\\x19\\x01\\x02\\x00g\\x02\\x00\\x00\\xff8f'3;\\xff97\\xffb6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\x00U\\xffed\\xfffb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\x00U\\xffed\\xfffb\\x7f\\x00\\x00x\\xfff1\\xffd9\\x18\\xffed\\x00\\x00\\x00\\x1f!3;\\xff97\\xffb6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xffe8\\xff94\\xff8dg\\x02\\x00\\x000z\\xffab)\\xfff7\\x7f\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\x19\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\xffe0\\x06\\xff95\\xff8dg\\x02\\x00\\x00\\xffc0\\xfff1\\xffd9\\x18\\xffed\\x00\\x00\\x00\\xffe4ID\\x14\\xfffc\\x7f\\x00\\x000z\\xffab)\\xfff7\\x7f\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffd4\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xffb9\\x00U\\xffed\\xfffb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff9d\\xffd0f\\x14\\xfffc\\x7f\\x00\\x00\\xffb8\\xffcff\\x14\\xfffc\\x7f\\x00\\x00\\xffe0\\x06\\xff95\\xff8dg\\x02\\x00\\x00\\xfff8\\xff81f\\x14\\xfffc\\x7f\\x00\\x00\\x19\\x01\\x02\\x00g\\x02\\x00\\x00h\\xffd0f\\x14\\xfffc\\x7f\\x00\\x00\\xffd4\\x03\\x00\\x00\\x00\\x00\\x00\\x00P\\xffd0f\\x14\\xfffc\\x7f\\x00\\x00\\xffb0\\xfff1\\xffd9\\x18\\xffed\\x00\\x00\\x00\\xff98\\xff85f\\x14\\xfffc\\x7f\\x00\\x00\\xffc0\\xfff1\\xffd9\\x18\\xffed\\x00\\x00\\x00`\\x08\\xff95\\xff8dg\\x02\\x00\\x00\\xffb0tE+\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00g\\x02\\x00\\x00@\\xfff3\\xffd9\\x18\\xffed\\x00\\x00\\x00\\
xffe0\\x06\\xff95\\xff8dg\\x02\\x00\\x00p\\xffe8\\xff94\\xff8dg\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00$\\x00&\\x00\\x00\\x00\\x00\\x00|\\x08\\xff95\\xff8dg\\x02\\x00\\x000\\x00\\x00\\x00g\\x02\\x00\\x00\\xffd4\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0\\xfff1\\xffd9\\x18\\xffed\\x00\\x00\\x00@\\x00\\x00\\x00\\xffed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\x06\\xff95\\xff8dg\\x02\\x00\\x00\\x19hE+\\xfffc\\x7f\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1024
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff7299e35bf",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003dc"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.UX.UXManager\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 1025
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff7299e35bf",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003dc"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.UX.UXManager\\Server"
              }
            ],
            "repeated": 0,
            "id": 1026
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff7299e35bf",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003dc"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\NetworkUXBroker.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.UX.UXManager\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 1027
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff7299e35bf",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003dc"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.UX.UXManager\\Threading"
              }
            ],
            "repeated": 0,
            "id": 1028
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff7299e35bf",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003dc"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.UX.UXManager\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 1029
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff7299e35bf",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003dc"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.UX.UXManager\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 1030
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff7299e35bf",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003dc"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.UX.UXManager\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 1031
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff7299e35bf",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003dc"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.UX.UXManager\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 1032
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff7299e35bf",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003dc"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.UX.UXManager\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 1033
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff7299e35bf",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003dc"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.UX.UXManager\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 1034
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff7299e35bf",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003dc"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.UX.UXManager\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 1035
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff7299e35bf",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003dc"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.UX.UXManager\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1036
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff7299e35bf",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\OLE\\Diagnosis"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE\\Diagnosis"
              }
            ],
            "repeated": 0,
            "id": 1037
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff7299e35bf",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003dc"
              }
            ],
            "repeated": 0,
            "id": 1038
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff7299e35bf",
            "parentcaller": "0x7ff7299e3545",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000003dc"
              }
            ],
            "repeated": 0,
            "id": 1039
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff7299e35bf",
            "parentcaller": "0x7ff7299e3545",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": " \\xf4\\xd9\\x18\\xed\\x00\\x00\\x00`\\x00\\x00\\x00\\xfc\\x7f\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\xff\\xff\\xff\\xff\\xf8\\x81f\\x14\\xfc\\x7f\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\xc0f\\x14\\xfc\\x7f\\x00\\x00\\xf8\\xf4\\xd9\\x18\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00k\\x02\\xdc*\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1040
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff7299e35bf",
            "parentcaller": "0x7ff7299e3545",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003dc"
              }
            ],
            "repeated": 0,
            "id": 1041
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff7299e35bf",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\OLE"
              },
              {
                "name": "Handle",
                "value": "0x000003dc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\OLE"
              }
            ],
            "repeated": 0,
            "id": 1042
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff7299e35bf",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003dc"
              },
              {
                "name": "ValueName",
                "value": "MaxSxSHashCount"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\MaxSxSHashCount"
              }
            ],
            "repeated": 0,
            "id": 1043
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff7299e35bf",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003dc"
              }
            ],
            "repeated": 0,
            "id": 1044
          },
          {
            "timestamp": "2026-05-28 21:44:02,307",
            "thread_id": "14212",
            "caller": "0x7ff7299e35bf",
            "parentcaller": "0x7ff7299e3545",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\NetworkUXBroker"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc1d240000"
              }
            ],
            "repeated": 0,
            "id": 1045
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e35bf",
            "parentcaller": "0x7ff7299e3545",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\NetworkUXBroker.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1d240000"
              }
            ],
            "repeated": 0,
            "id": 1046
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e35bf",
            "parentcaller": "0x7ff7299e3545",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc1d240000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\NetworkUXBroker.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 1047
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e35bf",
            "parentcaller": "0x7ff7299e3545",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "NetworkUXBroker.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc1d240000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc1d242930"
              }
            ],
            "repeated": 0,
            "id": 1048
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e35bf",
            "parentcaller": "0x7ff7299e3545",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "NetworkUXBroker.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc1d240000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc1d242750"
              }
            ],
            "repeated": 0,
            "id": 1049
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e35bf",
            "parentcaller": "0x7ff7299e3545",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "NetworkUXBroker.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc1d240000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc1d242d40"
              }
            ],
            "repeated": 0,
            "id": 1050
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e35bf",
            "parentcaller": "0x7ff7299e3545",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1d2a5000"
              },
              {
                "name": "ModuleName",
                "value": "NetworkUXBroker.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1051
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e35bf",
            "parentcaller": "0x7ff7299e3545",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1d2a5000"
              },
              {
                "name": "ModuleName",
                "value": "NetworkUXBroker.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1052
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e35bf",
            "parentcaller": "0x7ff7299e3545",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1d2a5000"
              },
              {
                "name": "ModuleName",
                "value": "NetworkUXBroker.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1053
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e35bf",
            "parentcaller": "0x7ff7299e3545",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1d2a5000"
              },
              {
                "name": "ModuleName",
                "value": "NetworkUXBroker.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1054
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e35bf",
            "parentcaller": "0x7ff7299e3545",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1055
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e36c5",
            "parentcaller": "0x7ff7299e3545",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000e"
              },
              {
                "name": "TokenHandle",
                "value": "0x000003e0"
              }
            ],
            "repeated": 0,
            "id": 1056
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e36c5",
            "parentcaller": "0x7ff7299e3545",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003e0"
              }
            ],
            "repeated": 0,
            "id": 1057
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e36c5",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "0x80000000"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\SecurityManager\\AdminCapabilities"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SecurityManager\\AdminCapabilities"
              }
            ],
            "repeated": 0,
            "id": 1058
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e36c5",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003e0"
              },
              {
                "name": "ValueName",
                "value": "shellExperience"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\AdminCapabilities\\shellExperience"
              }
            ],
            "repeated": 0,
            "id": 1059
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e36c5",
            "parentcaller": "0x7ff7299e3545",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xf2\\xd9\\x18\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00 \\x02\\x00\\x00\\xd0\\x81<%\\x1e2\\x005\\xb7x)\\x13I=\\x97*\\xee\\xce'\\xd6\\x97\\xec#0mJQa\\x00\\x00\\x18\\x00\\x01\\x00\\x00\\x00\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1060
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e36c5",
            "parentcaller": "0x7ff7299e3545",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003e0"
              }
            ],
            "repeated": 0,
            "id": 1061
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e36c5",
            "parentcaller": "0x7ff7299e3545",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003e4"
              }
            ],
            "repeated": 0,
            "id": 1062
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e36c5",
            "parentcaller": "0x7ff7299e3545",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793454000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1063
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e36c5",
            "parentcaller": "0x7ff7299e3545",
            "category": "services",
            "api": "OpenSCManagerW",
            "status": true,
            "return": "0x2678d94bae0",
            "arguments": [
              {
                "name": "MachineName",
                "value": ""
              },
              {
                "name": "DatabaseName",
                "value": "ServicesActive"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "SC_MANAGER_CONNECT"
              }
            ],
            "repeated": 0,
            "id": 1064
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e36c5",
            "parentcaller": "0x7ff7299e3545",
            "category": "services",
            "api": "OpenServiceW",
            "status": true,
            "return": "0x2678d94bba0",
            "arguments": [
              {
                "name": "ServiceControlManager",
                "value": "0x2678d94bae0"
              },
              {
                "name": "ServiceName",
                "value": "wlansvc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004",
                "pretty_value": "SERVICE_QUERY_STATUS"
              }
            ],
            "repeated": 0,
            "id": 1065
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e36c5",
            "parentcaller": "0x7ff7299e3545",
            "category": "services",
            "api": "OpenSCManagerW",
            "status": true,
            "return": "0x2678d94b960",
            "arguments": [
              {
                "name": "MachineName",
                "value": ""
              },
              {
                "name": "DatabaseName",
                "value": "ServicesActive"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "SC_MANAGER_CONNECT"
              }
            ],
            "repeated": 0,
            "id": 1066
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e36c5",
            "parentcaller": "0x7ff7299e3545",
            "category": "services",
            "api": "OpenServiceW",
            "status": true,
            "return": "0x2678d94b990",
            "arguments": [
              {
                "name": "ServiceControlManager",
                "value": "0x2678d94b960"
              },
              {
                "name": "ServiceName",
                "value": "wwansvc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004",
                "pretty_value": "SERVICE_QUERY_STATUS"
              }
            ],
            "repeated": 0,
            "id": 1067
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e36c5",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SYSTEM\\CurrentControlSet\\Control\\NetworkUXManager"
              },
              {
                "name": "Handle",
                "value": "0x000003e8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\NetworkUXManager"
              }
            ],
            "repeated": 0,
            "id": 1068
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e36c5",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003e8"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "Windows.Networking.UX.Internal.DAMediaManager"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.DAMediaManager"
              }
            ],
            "repeated": 0,
            "id": 1069
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e36c5",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003e8"
              },
              {
                "name": "SubKey",
                "value": "Windows.Networking.UX.Internal.DAMediaManager"
              },
              {
                "name": "Handle",
                "value": "0x000003ec"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.DAMediaManager"
              }
            ],
            "repeated": 0,
            "id": 1070
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e36c5",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ec"
              },
              {
                "name": "ValueName",
                "value": "Active"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.DAMediaManager\\Active"
              }
            ],
            "repeated": 0,
            "id": 1071
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e36c5",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ec"
              },
              {
                "name": "ValueName",
                "value": "MediaType"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.DAMediaManager\\MediaType"
              }
            ],
            "repeated": 0,
            "id": 1072
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e36c5",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ec"
              }
            ],
            "repeated": 0,
            "id": 1073
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e36c5",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003e8"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": "Windows.Networking.UX.Internal.EthernetMediaManager"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.EthernetMediaManager"
              }
            ],
            "repeated": 0,
            "id": 1074
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e36c5",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003e8"
              },
              {
                "name": "SubKey",
                "value": "Windows.Networking.UX.Internal.EthernetMediaManager"
              },
              {
                "name": "Handle",
                "value": "0x000003ec"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.EthernetMediaManager"
              }
            ],
            "repeated": 0,
            "id": 1075
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e36c5",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ec"
              },
              {
                "name": "ValueName",
                "value": "Active"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.EthernetMediaManager\\Active"
              }
            ],
            "repeated": 0,
            "id": 1076
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e36c5",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ec"
              },
              {
                "name": "ValueName",
                "value": "MediaType"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.EthernetMediaManager\\MediaType"
              }
            ],
            "repeated": 0,
            "id": 1077
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e36c5",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ec"
              }
            ],
            "repeated": 0,
            "id": 1078
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e36c5",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003e8"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "Name",
                "value": "Windows.Networking.UX.Internal.MBMediaManager"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.MBMediaManager"
              }
            ],
            "repeated": 0,
            "id": 1079
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e36c5",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003e8"
              },
              {
                "name": "SubKey",
                "value": "Windows.Networking.UX.Internal.MBMediaManager"
              },
              {
                "name": "Handle",
                "value": "0x000003ec"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.MBMediaManager"
              }
            ],
            "repeated": 0,
            "id": 1080
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e36c5",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ec"
              },
              {
                "name": "ValueName",
                "value": "Active"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.MBMediaManager\\Active"
              }
            ],
            "repeated": 0,
            "id": 1081
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e36c5",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ec"
              },
              {
                "name": "ValueName",
                "value": "MediaType"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.MBMediaManager\\MediaType"
              }
            ],
            "repeated": 0,
            "id": 1082
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e36c5",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ec"
              }
            ],
            "repeated": 0,
            "id": 1083
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e36c5",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003e8"
              },
              {
                "name": "Index",
                "value": "3"
              },
              {
                "name": "Name",
                "value": "Windows.Networking.UX.Internal.RasMediaManager"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.RasMediaManager"
              }
            ],
            "repeated": 0,
            "id": 1084
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e36c5",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003e8"
              },
              {
                "name": "SubKey",
                "value": "Windows.Networking.UX.Internal.RasMediaManager"
              },
              {
                "name": "Handle",
                "value": "0x000003ec"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.RasMediaManager"
              }
            ],
            "repeated": 0,
            "id": 1085
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e36c5",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ec"
              },
              {
                "name": "ValueName",
                "value": "Active"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.RasMediaManager\\Active"
              }
            ],
            "repeated": 0,
            "id": 1086
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e36c5",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ec"
              },
              {
                "name": "ValueName",
                "value": "MediaType"
              },
              {
                "name": "Data",
                "value": "5"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.RasMediaManager\\MediaType"
              }
            ],
            "repeated": 0,
            "id": 1087
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e36c5",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ec"
              }
            ],
            "repeated": 0,
            "id": 1088
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e36c5",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003e8"
              },
              {
                "name": "Index",
                "value": "4"
              },
              {
                "name": "Name",
                "value": "Windows.Networking.UX.Internal.WlanMediaManager"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.WlanMediaManager"
              }
            ],
            "repeated": 0,
            "id": 1089
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e36c5",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003e8"
              },
              {
                "name": "SubKey",
                "value": "Windows.Networking.UX.Internal.WlanMediaManager"
              },
              {
                "name": "Handle",
                "value": "0x000003ec"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.WlanMediaManager"
              }
            ],
            "repeated": 0,
            "id": 1090
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e36c5",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ec"
              },
              {
                "name": "ValueName",
                "value": "Active"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.WlanMediaManager\\Active"
              }
            ],
            "repeated": 0,
            "id": 1091
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e36c5",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ec"
              },
              {
                "name": "ValueName",
                "value": "MediaType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.WlanMediaManager\\MediaType"
              }
            ],
            "repeated": 0,
            "id": 1092
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e36c5",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ec"
              }
            ],
            "repeated": 0,
            "id": 1093
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e36c5",
            "parentcaller": "0x7ff7299e3545",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003e8"
              },
              {
                "name": "Index",
                "value": "5"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\"
              }
            ],
            "repeated": 0,
            "id": 1094
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff729a13417",
            "parentcaller": "0x7ff7299e20ab",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d96e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1095
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff7299e2b84",
            "parentcaller": "0x7ff7299e20bb",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "0",
                "pretty_value": "FILE_SUPERSEDE"
              }
            ],
            "repeated": 0,
            "id": 1096
          },
          {
            "timestamp": "2026-05-28 21:44:02,604",
            "thread_id": "14212",
            "caller": "0x7ff729a13417",
            "parentcaller": "0x7ff7299e20e6",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d971000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1097
          },
          {
            "timestamp": "2026-05-28 21:44:02,619",
            "thread_id": "14212",
            "caller": "0x7ff729a02d65",
            "parentcaller": "0x7ff729a0467a",
            "category": "misc",
            "api": "GetSystemMetrics",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemMetricIndex",
                "value": "4096"
              }
            ],
            "repeated": 3,
            "id": 1098
          },
          {
            "timestamp": "2026-05-28 21:44:02,619",
            "thread_id": "14212",
            "caller": "0x7ff729a02d65",
            "parentcaller": "0x7ff729a0467a",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 1099
          },
          {
            "timestamp": "2026-05-28 21:44:02,619",
            "thread_id": "14212",
            "caller": "0x7ff729a02d65",
            "parentcaller": "0x7ff729a0467a",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1100
          },
          {
            "timestamp": "2026-05-28 21:44:02,619",
            "thread_id": "14212",
            "caller": "0x7ff729a02d65",
            "parentcaller": "0x7ff729a0467a",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\DirectUI\\DynamicScaling"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\DirectUI\\DynamicScaling"
              }
            ],
            "repeated": 0,
            "id": 1101
          },
          {
            "timestamp": "2026-05-28 21:44:02,619",
            "thread_id": "14212",
            "caller": "0x7ff729a01165",
            "parentcaller": "0x7ff729a01076",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000020"
              },
              {
                "name": "TokenHandle",
                "value": "0x000003f0"
              }
            ],
            "repeated": 0,
            "id": 1102
          },
          {
            "timestamp": "2026-05-28 21:44:02,619",
            "thread_id": "14212",
            "caller": "0x7ff729a011eb",
            "parentcaller": "0x7ff729a01076",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f0"
              }
            ],
            "repeated": 0,
            "id": 1103
          },
          {
            "timestamp": "2026-05-28 21:44:02,619",
            "thread_id": "14212",
            "caller": "0x7ff7299e305b",
            "parentcaller": "0x7ff729a010b8",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000003f8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ff729a0e0d0"
              },
              {
                "name": "Parameter",
                "value": "0x2678d95a2f0"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "10832"
              },
              {
                "name": "ProcessId",
                "value": "14276"
              },
              {
                "name": "Module",
                "value": "taskmgr.exe"
              }
            ],
            "repeated": 0,
            "id": 1104
          },
          {
            "timestamp": "2026-05-28 21:44:02,619",
            "thread_id": "14212",
            "caller": "0x7ff7299e305b",
            "parentcaller": "0x7ff729a010b8",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x000003f8",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ff729a0e0d0"
              },
              {
                "name": "Parameter",
                "value": "0x2678d95a2f0"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "10832"
              },
              {
                "name": "ProcessId",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 1105
          },
          {
            "timestamp": "2026-05-28 21:44:02,619",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02de5",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f461948",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "UIFILE"
              },
              {
                "name": "Name",
                "value": "#30024"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1106
          },
          {
            "timestamp": "2026-05-28 21:44:02,619",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02de5",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f49e058",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f461948"
              }
            ],
            "repeated": 0,
            "id": 1107
          },
          {
            "timestamp": "2026-05-28 21:44:02,619",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02de5",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x000061e0",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f461948"
              }
            ],
            "repeated": 0,
            "id": 1108
          },
          {
            "timestamp": "2026-05-28 21:44:02,619",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02de5",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1c959000"
              },
              {
                "name": "ModuleName",
                "value": "DUI70.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1109
          },
          {
            "timestamp": "2026-05-28 21:44:02,619",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02de5",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1c959000"
              },
              {
                "name": "ModuleName",
                "value": "DUI70.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1110
          },
          {
            "timestamp": "2026-05-28 21:44:02,619",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02de5",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 2,
            "id": 1111
          },
          {
            "timestamp": "2026-05-28 21:44:02,619",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02de5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d976000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1112
          },
          {
            "timestamp": "2026-05-28 21:44:02,619",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02de5",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 1113
          },
          {
            "timestamp": "2026-05-28 21:44:02,619",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02de5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d979000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1114
          },
          {
            "timestamp": "2026-05-28 21:44:02,619",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02de5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d97b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1115
          },
          {
            "timestamp": "2026-05-28 21:44:02,619",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02de5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d97e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1116
          },
          {
            "timestamp": "2026-05-28 21:44:02,619",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02de5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d97f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1117
          },
          {
            "timestamp": "2026-05-28 21:44:02,619",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02de5",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 2,
            "id": 1118
          },
          {
            "timestamp": "2026-05-28 21:44:02,619",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02de5",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251c58",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2116"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1119
          },
          {
            "timestamp": "2026-05-28 21:44:02,619",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02de5",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25a628",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251c58"
              }
            ],
            "repeated": 0,
            "id": 1120
          },
          {
            "timestamp": "2026-05-28 21:44:02,619",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02de5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d981000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1121
          },
          {
            "timestamp": "2026-05-28 21:44:02,619",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02de5",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251c58",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2116"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1122
          },
          {
            "timestamp": "2026-05-28 21:44:02,619",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02de5",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25a628",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251c58"
              }
            ],
            "repeated": 0,
            "id": 1123
          },
          {
            "timestamp": "2026-05-28 21:44:02,619",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02de5",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251c58",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2116"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1124
          },
          {
            "timestamp": "2026-05-28 21:44:02,619",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02de5",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25a628",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251c58"
              }
            ],
            "repeated": 0,
            "id": 1125
          },
          {
            "timestamp": "2026-05-28 21:44:02,619",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02de5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d982000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1126
          },
          {
            "timestamp": "2026-05-28 21:44:02,619",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02de5",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251c58",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2116"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1127
          },
          {
            "timestamp": "2026-05-28 21:44:02,619",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02de5",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25a628",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251c58"
              }
            ],
            "repeated": 0,
            "id": 1128
          },
          {
            "timestamp": "2026-05-28 21:44:02,619",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02de5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d984000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1129
          },
          {
            "timestamp": "2026-05-28 21:44:02,619",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02de5",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 1130
          },
          {
            "timestamp": "2026-05-28 21:44:02,619",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02de5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d987000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1131
          },
          {
            "timestamp": "2026-05-28 21:44:02,619",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02de5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d989000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1132
          },
          {
            "timestamp": "2026-05-28 21:44:02,619",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02de5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d98c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1133
          },
          {
            "timestamp": "2026-05-28 21:44:02,619",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02de5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d98e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1134
          },
          {
            "timestamp": "2026-05-28 21:44:02,619",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02de5",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 1135
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02de5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d98f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1136
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02e31",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f461938",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "UIFILE"
              },
              {
                "name": "Name",
                "value": "#30001"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1137
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02e31",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f4a4238",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f461938"
              }
            ],
            "repeated": 0,
            "id": 1138
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02e31",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x0000f328",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f461938"
              }
            ],
            "repeated": 0,
            "id": 1139
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02e31",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 1,
            "id": 1140
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02e31",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d992000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1141
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02e31",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d994000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1142
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02e31",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d995000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1143
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02e31",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251c58",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2116"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1144
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02e31",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25a628",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251c58"
              }
            ],
            "repeated": 0,
            "id": 1145
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02e31",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251c58",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2116"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1146
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02e31",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25a628",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251c58"
              }
            ],
            "repeated": 0,
            "id": 1147
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02e31",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251c58",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2116"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1148
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02e31",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25a628",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251c58"
              }
            ],
            "repeated": 0,
            "id": 1149
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02e31",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d996000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1150
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02e31",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251c58",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2116"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1151
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02e31",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25a628",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251c58"
              }
            ],
            "repeated": 0,
            "id": 1152
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02e31",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d997000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1153
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02e31",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d999000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1154
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02e31",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d99c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1155
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02e31",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d99e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1156
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02e31",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d9a1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1157
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02e31",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d9a3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1158
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a03045",
            "parentcaller": "0x7ff729a02e31",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d9a6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1159
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a04216",
            "parentcaller": "0x7ff729a02e44",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 1,
            "id": 1160
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d9a9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1161
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d9ae000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1162
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d9b3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1163
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d9b8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1164
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d9bd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1165
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d9c2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1166
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d9c7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1167
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251e98",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2327"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1168
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25c708",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251e98"
              }
            ],
            "repeated": 0,
            "id": 1169
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251e88",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2326"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1170
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25c4a0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251e88"
              }
            ],
            "repeated": 0,
            "id": 1171
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a0f0b2",
            "parentcaller": "0x7ff729a04000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d9cc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1172
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251fd8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2688"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1173
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25e3f4",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251fd8"
              }
            ],
            "repeated": 0,
            "id": 1174
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251fd8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2688"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1175
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25e3f4",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251fd8"
              }
            ],
            "repeated": 0,
            "id": 1176
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251e98",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2327"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1177
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25c708",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251e98"
              }
            ],
            "repeated": 0,
            "id": 1178
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d9cf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1179
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251b88",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2089"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1180
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f2575bc",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251b88"
              }
            ],
            "repeated": 0,
            "id": 1181
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff7299fdcda",
            "parentcaller": "0x7ff729a04000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d9d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1182
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff7299fdcda",
            "parentcaller": "0x7ff729a04000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d9d1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1183
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000029"
              },
              {
                "name": "uiParam",
                "value": "0x000001f8"
              }
            ],
            "repeated": 0,
            "id": 1184
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251c88",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2139"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1185
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25a724",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251c88"
              }
            ],
            "repeated": 0,
            "id": 1186
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d9d2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1187
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000029"
              },
              {
                "name": "uiParam",
                "value": "0x000001f8"
              }
            ],
            "repeated": 0,
            "id": 1188
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251c88",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2139"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1189
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25a724",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251c88"
              }
            ],
            "repeated": 0,
            "id": 1190
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d9d4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1191
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251c98",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2140"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1192
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25a768",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251c98"
              }
            ],
            "repeated": 0,
            "id": 1193
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d9d7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1194
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251c98",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2140"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1195
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25a768",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251c98"
              }
            ],
            "repeated": 0,
            "id": 1196
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d9d8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1197
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000029"
              },
              {
                "name": "uiParam",
                "value": "0x000001f8"
              }
            ],
            "repeated": 1,
            "id": 1198
          },
          {
            "timestamp": "2026-05-28 21:44:02,635",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\atlthunk"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc0d2a0000"
              }
            ],
            "repeated": 0,
            "id": 1199
          },
          {
            "timestamp": "2026-05-28 21:44:02,666",
            "thread_id": "11032",
            "caller": "0x7ffc2d14eb32",
            "parentcaller": "0x7ffc2d1077c3",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000038"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 2,
            "id": 1200
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "atlthunk.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc0d2a0000"
              }
            ],
            "repeated": 0,
            "id": 1201
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc0d2a0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "atlthunk.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 1202
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "atlthunk.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc0d2a0000"
              },
              {
                "name": "FunctionName",
                "value": "AtlThunk_AllocateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc0d2a4300"
              }
            ],
            "repeated": 0,
            "id": 1203
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "atlthunk.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc0d2a0000"
              },
              {
                "name": "FunctionName",
                "value": "AtlThunk_InitData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc0d2a4590"
              }
            ],
            "repeated": 0,
            "id": 1204
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "atlthunk.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc0d2a0000"
              },
              {
                "name": "FunctionName",
                "value": "AtlThunk_DataToCode"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc0d2a4010"
              }
            ],
            "repeated": 0,
            "id": 1205
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "atlthunk.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc0d2a0000"
              },
              {
                "name": "FunctionName",
                "value": "AtlThunk_FreeData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc0d2a45b0"
              }
            ],
            "repeated": 0,
            "id": 1206
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "comctl32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc171f0000"
              }
            ],
            "repeated": 0,
            "id": 1207
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc171f0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "comctl32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1208
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc171f0000"
              },
              {
                "name": "FunctionName",
                "value": "RegisterClassNameW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc17275670"
              }
            ],
            "repeated": 0,
            "id": 1209
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000035c"
              },
              {
                "name": "ValueName",
                "value": "en-AU"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\en-AU"
              }
            ],
            "repeated": 0,
            "id": 1210
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000035c"
              },
              {
                "name": "ValueName",
                "value": "en"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\en"
              }
            ],
            "repeated": 0,
            "id": 1211
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "11032",
            "caller": "0x7ffc2d16507d",
            "parentcaller": "0x7ffc2d164c43",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1212
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "11032",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ffc2d142b30"
              },
              {
                "name": "Parameter",
                "value": "0x2678d8e0b50"
              }
            ],
            "repeated": 0,
            "id": 1213
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1743a000"
              },
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1214
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1743a000"
              },
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1215
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 1216
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26790db7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1217
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 1218
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000408"
              },
              {
                "name": "MutexName",
                "value": "Local\\SessionImmersiveColorMutex"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1219
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000408"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1220
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000040c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f001f"
              },
              {
                "name": "ObjectAttributes",
                "value": "Local\\SessionImmersiveColorPreference"
              }
            ],
            "repeated": 0,
            "id": 1221
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000040c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678f340000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed18d9ed50"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1222
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 1223
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1224
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Accent"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Accent"
              }
            ],
            "repeated": 0,
            "id": 1225
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 1226
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1227
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\Personalization"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\Personalization"
              }
            ],
            "repeated": 0,
            "id": 1228
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 1229
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1230
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\Personalization"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\Personalization"
              }
            ],
            "repeated": 0,
            "id": 1231
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 1232
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xec\\xd9\\x18\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xed\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90|\\x1c(\\xfc\\x7f\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xcf\\x08,\\xfc\\x7f\\x00\\x00\\x10\\xed\\xd9\\x18\\xed\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1233
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000410"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 1234
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000410"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1235
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000414"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000410"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize"
              }
            ],
            "repeated": 0,
            "id": 1236
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000414"
              },
              {
                "name": "ValueName",
                "value": "AppsUseLightTheme"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize\\AppsUseLightTheme"
              }
            ],
            "repeated": 0,
            "id": 1237
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000414"
              }
            ],
            "repeated": 0,
            "id": 1238
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000410"
              }
            ],
            "repeated": 0,
            "id": 1239
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000408"
              }
            ],
            "repeated": 0,
            "id": 1240
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 5,
            "id": 1241
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x267936e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00100000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1242
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x267936e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1243
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 3,
            "id": 1244
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff7299e4ea1",
            "parentcaller": "0x7ff7299f9cd4",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "comctl32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc171f0000"
              }
            ],
            "repeated": 0,
            "id": 1245
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff7299e4ea1",
            "parentcaller": "0x7ff7299f9cd4",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc171f0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "comctl32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1246
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff7299e4ea1",
            "parentcaller": "0x7ff7299f9cd4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc171f0000"
              },
              {
                "name": "FunctionName",
                "value": "RegisterClassNameW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc17275670"
              }
            ],
            "repeated": 0,
            "id": 1247
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff7299e4ea1",
            "parentcaller": "0x7ff7299f9cd4",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00001022"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1248
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff7299e4ea1",
            "parentcaller": "0x7ff7299f9cd4",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 1249
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff7299e4ea1",
            "parentcaller": "0x7ff7299f9cd4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1743a000"
              },
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1250
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff7299e4ea1",
            "parentcaller": "0x7ff7299f9cd4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1743a000"
              },
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1251
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff7299f9e14",
            "parentcaller": "0x7ff729a04000",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              }
            ],
            "repeated": 0,
            "id": 1252
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff7299f9e14",
            "parentcaller": "0x7ff729a04000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "NtQuerySystemInformation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d18d690"
              }
            ],
            "repeated": 0,
            "id": 1253
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff7299f9e14",
            "parentcaller": "0x7ff729a04000",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "134"
              }
            ],
            "repeated": 0,
            "id": 1254
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 1255
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes"
              },
              {
                "name": "Handle",
                "value": "0x00000410"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes"
              }
            ],
            "repeated": 0,
            "id": 1256
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000410"
              },
              {
                "name": "ValueName",
                "value": "Segoe UI"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Segoe UI"
              }
            ],
            "repeated": 0,
            "id": 1257
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000410"
              }
            ],
            "repeated": 0,
            "id": 1258
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1743a000"
              },
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1259
          },
          {
            "timestamp": "2026-05-28 21:44:03,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1743a000"
              },
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1260
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04000",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "comctl32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc171f0000"
              }
            ],
            "repeated": 0,
            "id": 1261
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04000",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc171f0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "comctl32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1262
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc171f0000"
              },
              {
                "name": "FunctionName",
                "value": "RegisterClassNameW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc17275670"
              }
            ],
            "repeated": 0,
            "id": 1263
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04000",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 3,
            "id": 1264
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04000",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xdf\\xd9\\x18\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xc4\\x1e\\xd2*\\xfc\\x7f\\x00\\x00\\x8b}|,\\xfc\\x7f\\x00\\x00Xy|,\\x00\\x00\\x00\\x00\\xa2w|,\\xfc\\x7f\\x00\\x00`\\xc2|,\\xfc\\x7f\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1265
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000410"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 1266
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04000",
            "category": "misc",
            "api": "GetSystemMetrics",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemMetricIndex",
                "value": "4096"
              }
            ],
            "repeated": 0,
            "id": 1267
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04000",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000414"
              }
            ],
            "repeated": 0,
            "id": 1268
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000414"
              }
            ],
            "repeated": 0,
            "id": 1269
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000410"
              },
              {
                "name": "SubKey",
                "value": "Control Panel\\Desktop"
              },
              {
                "name": "Handle",
                "value": "0x00000414"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Control Panel\\Desktop"
              }
            ],
            "repeated": 0,
            "id": 1270
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000414"
              },
              {
                "name": "ValueName",
                "value": "SmoothScroll"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\SmoothScroll"
              }
            ],
            "repeated": 0,
            "id": 1271
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000414"
              }
            ],
            "repeated": 0,
            "id": 1272
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04000",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000414"
              }
            ],
            "repeated": 0,
            "id": 1273
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000414"
              }
            ],
            "repeated": 0,
            "id": 1274
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000410"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
              },
              {
                "name": "Handle",
                "value": "0x00000414"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
              }
            ],
            "repeated": 0,
            "id": 1275
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000414"
              },
              {
                "name": "ValueName",
                "value": "EnableBalloonTips"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\EnableBalloonTips"
              }
            ],
            "repeated": 0,
            "id": 1276
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000414"
              },
              {
                "name": "ValueName",
                "value": "ListviewAlphaSelect"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ListviewAlphaSelect"
              }
            ],
            "repeated": 0,
            "id": 1277
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000414"
              },
              {
                "name": "ValueName",
                "value": "ListviewShadow"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ListviewShadow"
              }
            ],
            "repeated": 0,
            "id": 1278
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000414"
              }
            ],
            "repeated": 0,
            "id": 1279
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000410"
              }
            ],
            "repeated": 0,
            "id": 1280
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
              },
              {
                "name": "Handle",
                "value": "0x00000410"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
              }
            ],
            "repeated": 0,
            "id": 1281
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000410"
              },
              {
                "name": "ValueName",
                "value": "AccListViewV6"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\AccListViewV6"
              }
            ],
            "repeated": 0,
            "id": 1282
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000410"
              }
            ],
            "repeated": 0,
            "id": 1283
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
              },
              {
                "name": "Handle",
                "value": "0x00000410"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
              }
            ],
            "repeated": 0,
            "id": 1284
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000410"
              },
              {
                "name": "ValueName",
                "value": "UseDoubleClickTimer"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\UseDoubleClickTimer"
              }
            ],
            "repeated": 0,
            "id": 1285
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000410"
              }
            ],
            "repeated": 0,
            "id": 1286
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2cb78000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1287
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2cb78000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1288
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ffc2d0fe715",
            "parentcaller": "0x7ffc2d0fe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x267936e5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1289
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ffc2d16507d",
            "parentcaller": "0x7ffc2d164c43",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1290
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff729a0e0d0"
              },
              {
                "name": "Parameter",
                "value": "0x2678d95a2f0"
              }
            ],
            "repeated": 0,
            "id": 1291
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff729a13417",
            "parentcaller": "0x7ff7299ebc41",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x267936e6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1292
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff7299e17c4",
            "parentcaller": "0x7ff7299e1834",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000414"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ff7299e3a10"
              },
              {
                "name": "Parameter",
                "value": "0x267936e7ee0"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "13188"
              },
              {
                "name": "ProcessId",
                "value": "14276"
              },
              {
                "name": "Module",
                "value": "taskmgr.exe"
              }
            ],
            "repeated": 0,
            "id": 1293
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff7299e17c4",
            "parentcaller": "0x7ff7299e1834",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x00000414",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ff7299e3a10"
              },
              {
                "name": "Parameter",
                "value": "0x267936e7ee0"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "13188"
              },
              {
                "name": "ProcessId",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 1294
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff7299e1bcb",
            "parentcaller": "0x7ff7299e184d",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "FILE_READ_ACCESS"
              },
              {
                "name": "FileName",
                "value": "\\Device\\PcwDrv"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1295
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff7299e1bcb",
            "parentcaller": "0x7ff7299e184d",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\PcwDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00224003"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": " \\x04\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1296
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff7299e1c48",
            "parentcaller": "0x7ff7299e184d",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\PcwDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00224007"
              },
              {
                "name": "InputBuffer",
                "value": "\\x01\\xfc*\\x00\\x02\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xfc\\x7f\\x00\\x00 \\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00y\\xab)\\xf7\\x7f\\x00\\x00\\xc0x\\xab)\\xf7\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x0c\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1297
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff7299e1d04",
            "parentcaller": "0x7ff7299e184d",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\PcwDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00224003"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": "$\\x04\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1298
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff7299e1d7c",
            "parentcaller": "0x7ff7299e184d",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\PcwDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00224007"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\xfc0\\x00\\x02\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xfc\\x7f\\x00\\x00$\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xc8x\\xab)\\xf7\\x7f\\x00\\x00\\xc0x\\xab)\\xf7\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1299
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff7299f4a58",
            "parentcaller": "0x7ff7299f4bdc",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\PcwDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00224013"
              },
              {
                "name": "InputBuffer",
                "value": " \\x04\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1300
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff729a0b3c8",
            "parentcaller": "0x7ff7299f4b5f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlNtStatusToDosErrorNoTeb"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d1659b0"
              }
            ],
            "repeated": 0,
            "id": 1301
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff7299f4a58",
            "parentcaller": "0x7ff7299f4bdc",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\PcwDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00224013"
              },
              {
                "name": "InputBuffer",
                "value": " \\x04\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": "\\xb8\\x01\\x00\\x00\\x10\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8\\x01\\x00\\x00 \\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x0c\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x00\\x00\\x00\\x04\\x00\\x00\\x000\\x00,\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x04\\x00\\x08\\x00\\x10^_\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x05\\x00\\x08\\x00\\xfc\\xeb\\xb1\\x01\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x1a\\x00\\x08\\x00\\xf6/\rV\\x04\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x1b\\x00\\x04\\x00Y\\x87[\\x19\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x04\\x00\\x00\\x000\\x00,\\x001\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x04\\x00\\x08\\x00\\x18\r\\x8f\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x05\\x00\\x08\\x00:\\xd3t\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x1a\\x00\\x08\\x00Q\\x90\\x86!\\x04\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x1b\\x00\\x04\\x00\\\\x87[\\x19\\x00\\x00\\x00\\x00h\\x00\\x00\\x00\\x02\\x00\\x00\\x00(\\x00\\x00\\x00\\x04\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1302
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff7299f4a58",
            "parentcaller": "0x7ff7299f4c19",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\PcwDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00224013"
              },
              {
                "name": "InputBuffer",
                "value": "$\\x04\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1303
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff7299f4a58",
            "parentcaller": "0x7ff7299f4c19",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\PcwDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00224013"
              },
              {
                "name": "InputBuffer",
                "value": "$\\x04\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": "x\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x00\\x00\\x00 \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\x00\\x00\\x00\\x02\\x00\\x00\\x00d\\x00e\\x00f\\x00a\\x00u\\x00l\\x00t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x08\\x00S+}\\xce\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x01\\x00\\x08\\x00\\x00.f\\x13\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1304
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff729a13417",
            "parentcaller": "0x7ff7299e15f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x267936e9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1305
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff7299e305b",
            "parentcaller": "0x7ff7299e163d",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000440"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ff729a0e0d0"
              },
              {
                "name": "Parameter",
                "value": "0x267936e82b0"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "13608"
              },
              {
                "name": "ProcessId",
                "value": "14276"
              },
              {
                "name": "Module",
                "value": "taskmgr.exe"
              }
            ],
            "repeated": 0,
            "id": 1306
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff7299e305b",
            "parentcaller": "0x7ff7299e163d",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x00000440",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ff729a0e0d0"
              },
              {
                "name": "Parameter",
                "value": "0x267936e82b0"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "13608"
              },
              {
                "name": "ProcessId",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 1307
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff729a13417",
            "parentcaller": "0x7ff7299e1647",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x267936ec000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1308
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff729a13417",
            "parentcaller": "0x7ff7299e3253",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x267936ef000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1309
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff729a13417",
            "parentcaller": "0x7ff7299e16c8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x267936f2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1310
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff7299e305b",
            "parentcaller": "0x7ff7299e170d",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000450"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ff729a0e0d0"
              },
              {
                "name": "Parameter",
                "value": "0x267936f0bc0"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "12440"
              },
              {
                "name": "ProcessId",
                "value": "14276"
              },
              {
                "name": "Module",
                "value": "taskmgr.exe"
              }
            ],
            "repeated": 0,
            "id": 1311
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff7299e305b",
            "parentcaller": "0x7ff7299e170d",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x00000450",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ff729a0e0d0"
              },
              {
                "name": "Parameter",
                "value": "0x267936f0bc0"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "12440"
              },
              {
                "name": "ProcessId",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 1312
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff729a13417",
            "parentcaller": "0x7ff7299e28b7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x267936f5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1313
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff7299e2cfb",
            "parentcaller": "0x7ff7299e2c19",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000458"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000006"
              },
              {
                "name": "ObjectAttributes",
                "value": "windows_shell_global_counters"
              }
            ],
            "repeated": 0,
            "id": 1314
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff7299e2cfb",
            "parentcaller": "0x7ff7299e2c19",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000458"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678f4c0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed1947f4b0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1315
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff7299e2cfb",
            "parentcaller": "0x7ff7299e2c19",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Policies\\Microsoft\\Windows\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 1316
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff7299e2cfb",
            "parentcaller": "0x7ff7299e2c19",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Policies\\Microsoft\\Windows\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 1317
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff7299e305b",
            "parentcaller": "0x7ff7299e28f3",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000464"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ff729a0e0d0"
              },
              {
                "name": "Parameter",
                "value": "0x267936f2eb0"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "5800"
              },
              {
                "name": "ProcessId",
                "value": "14276"
              },
              {
                "name": "Module",
                "value": "taskmgr.exe"
              }
            ],
            "repeated": 0,
            "id": 1318
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff7299e305b",
            "parentcaller": "0x7ff7299e28f3",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x00000464",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ff729a0e0d0"
              },
              {
                "name": "Parameter",
                "value": "0x267936f2eb0"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "5800"
              },
              {
                "name": "ProcessId",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 1319
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff7299ed9af",
            "parentcaller": "0x7ff729a09f92",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "23"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x1a9\\x81\\x00\\x00\\x00\\x00\\x00kv\\x99\\x9cL\\x02\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "10832"
              }
            ],
            "repeated": 0,
            "id": 1320
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff7299f63dd",
            "parentcaller": "0x7ff7299eac26",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": false,
            "return": "0xffffffffc0000004",
            "pretty_return": "INFO_LENGTH_MISMATCH",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              }
            ],
            "repeated": 0,
            "id": 1321
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff7299e84ea",
            "parentcaller": "0x7ff7299eac5d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x267936f8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00037000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1322
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff7299f63dd",
            "parentcaller": "0x7ff7299eac26",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              }
            ],
            "repeated": 0,
            "id": 1323
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff7299eda50",
            "parentcaller": "0x7ff729a09f92",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "23"
              },
              {
                "name": "ThreadInformation",
                "value": "Z\\xc2\\xe7\\x00\\x00\\x00\\x00\\x00#\\xd8v\\x9eL\\x02\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "10832"
              }
            ],
            "repeated": 0,
            "id": 1324
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff7299edaa2",
            "parentcaller": "0x7ff729a09f92",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "3",
                "pretty_value": "FILE_OPEN_IF"
              }
            ],
            "repeated": 0,
            "id": 1325
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a11b61",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 1326
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a11b61",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "WTSAPI32.dll"
              }
            ],
            "repeated": 0,
            "id": 1327
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a11b61",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wtsapi32.dll"
              }
            ],
            "repeated": 0,
            "id": 1328
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a11b61",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000046c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wtsapi32.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1329
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a11b61",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000470"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x0000046c"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wtsapi32.dll"
              }
            ],
            "repeated": 0,
            "id": 1330
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a11b61",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000470"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27460000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00014000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1331
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a11b61",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27471000"
              },
              {
                "name": "ModuleName",
                "value": "WTSAPI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1332
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a11b61",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2746b000"
              },
              {
                "name": "ModuleName",
                "value": "WTSAPI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1333
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a11b61",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2746b000"
              },
              {
                "name": "ModuleName",
                "value": "WTSAPI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1334
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a11b61",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2746b000"
              },
              {
                "name": "ModuleName",
                "value": "WTSAPI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1335
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a11b61",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2746b000"
              },
              {
                "name": "ModuleName",
                "value": "WTSAPI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1336
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a11b61",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2746b000"
              },
              {
                "name": "ModuleName",
                "value": "WTSAPI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1337
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a11b61",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000470"
              }
            ],
            "repeated": 0,
            "id": 1338
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a11b61",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046c"
              }
            ],
            "repeated": 0,
            "id": 1339
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a11b61",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2746b000"
              },
              {
                "name": "ModuleName",
                "value": "WTSAPI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1340
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a11b61",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\WTSAPI32"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc27460000"
              }
            ],
            "repeated": 0,
            "id": 1341
          },
          {
            "timestamp": "2026-05-28 21:44:03,025",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a11b61",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 1342
          },
          {
            "timestamp": "2026-05-28 21:44:03,135",
            "thread_id": "12948",
            "caller": "0x7ffc2d14eb32",
            "parentcaller": "0x7ffc2d1077c3",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000038"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 2,
            "id": 1343
          },
          {
            "timestamp": "2026-05-28 21:44:03,135",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04000",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "comctl32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc171f0000"
              }
            ],
            "repeated": 0,
            "id": 1344
          },
          {
            "timestamp": "2026-05-28 21:44:03,135",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04000",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc171f0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "comctl32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1345
          },
          {
            "timestamp": "2026-05-28 21:44:03,135",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc171f0000"
              },
              {
                "name": "FunctionName",
                "value": "RegisterClassNameW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc17275670"
              }
            ],
            "repeated": 0,
            "id": 1346
          },
          {
            "timestamp": "2026-05-28 21:44:03,135",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04000",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 1,
            "id": 1347
          },
          {
            "timestamp": "2026-05-28 21:44:03,135",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26790db8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1348
          },
          {
            "timestamp": "2026-05-28 21:44:03,135",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes"
              },
              {
                "name": "Handle",
                "value": "0x00000404"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes"
              }
            ],
            "repeated": 0,
            "id": 1349
          },
          {
            "timestamp": "2026-05-28 21:44:03,135",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000404"
              },
              {
                "name": "ValueName",
                "value": "Segoe UI"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Segoe UI"
              }
            ],
            "repeated": 0,
            "id": 1350
          },
          {
            "timestamp": "2026-05-28 21:44:03,135",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000404"
              }
            ],
            "repeated": 0,
            "id": 1351
          },
          {
            "timestamp": "2026-05-28 21:44:03,135",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04000",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "UxSubclassInfo"
              },
              {
                "name": "Atom",
                "value": "0x0000c018"
              }
            ],
            "repeated": 1,
            "id": 1352
          },
          {
            "timestamp": "2026-05-28 21:44:03,135",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes"
              },
              {
                "name": "Handle",
                "value": "0x00000404"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes"
              }
            ],
            "repeated": 0,
            "id": 1353
          },
          {
            "timestamp": "2026-05-28 21:44:03,135",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000404"
              },
              {
                "name": "ValueName",
                "value": "Segoe UI"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Segoe UI"
              }
            ],
            "repeated": 0,
            "id": 1354
          },
          {
            "timestamp": "2026-05-28 21:44:03,135",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000404"
              }
            ],
            "repeated": 0,
            "id": 1355
          },
          {
            "timestamp": "2026-05-28 21:44:03,135",
            "thread_id": "14212",
            "caller": "0x7ff729a0f349",
            "parentcaller": "0x7ff729a04000",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 3,
            "id": 1356
          },
          {
            "timestamp": "2026-05-28 21:44:03,135",
            "thread_id": "14212",
            "caller": "0x7ff729a0f349",
            "parentcaller": "0x7ff729a04000",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00001022"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1357
          },
          {
            "timestamp": "2026-05-28 21:44:03,135",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 1358
          },
          {
            "timestamp": "2026-05-28 21:44:03,135",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes"
              },
              {
                "name": "Handle",
                "value": "0x00000404"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes"
              }
            ],
            "repeated": 0,
            "id": 1359
          },
          {
            "timestamp": "2026-05-28 21:44:03,135",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000404"
              },
              {
                "name": "ValueName",
                "value": "Segoe UI"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Segoe UI"
              }
            ],
            "repeated": 0,
            "id": 1360
          },
          {
            "timestamp": "2026-05-28 21:44:03,135",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000404"
              }
            ],
            "repeated": 0,
            "id": 1361
          },
          {
            "timestamp": "2026-05-28 21:44:03,135",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes"
              },
              {
                "name": "Handle",
                "value": "0x00000404"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes"
              }
            ],
            "repeated": 0,
            "id": 1362
          },
          {
            "timestamp": "2026-05-28 21:44:03,135",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000404"
              },
              {
                "name": "ValueName",
                "value": "Segoe UI"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Segoe UI"
              }
            ],
            "repeated": 0,
            "id": 1363
          },
          {
            "timestamp": "2026-05-28 21:44:03,135",
            "thread_id": "14212",
            "caller": "0x7ff729a04000",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000404"
              }
            ],
            "repeated": 0,
            "id": 1364
          },
          {
            "timestamp": "2026-05-28 21:44:03,135",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000029"
              },
              {
                "name": "uiParam",
                "value": "0x000001f8"
              }
            ],
            "repeated": 0,
            "id": 1365
          },
          {
            "timestamp": "2026-05-28 21:44:03,135",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251e98",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2327"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1366
          },
          {
            "timestamp": "2026-05-28 21:44:03,135",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25c708",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251e98"
              }
            ],
            "repeated": 0,
            "id": 1367
          },
          {
            "timestamp": "2026-05-28 21:44:03,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251e98",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2327"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1368
          },
          {
            "timestamp": "2026-05-28 21:44:03,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25c708",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251e98"
              }
            ],
            "repeated": 0,
            "id": 1369
          },
          {
            "timestamp": "2026-05-28 21:44:03,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2679372f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1370
          },
          {
            "timestamp": "2026-05-28 21:44:03,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793732000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1371
          },
          {
            "timestamp": "2026-05-28 21:44:03,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793733000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1372
          },
          {
            "timestamp": "2026-05-28 21:44:03,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793736000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1373
          },
          {
            "timestamp": "2026-05-28 21:44:03,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251f28",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2438"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1374
          },
          {
            "timestamp": "2026-05-28 21:44:03,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25d3d4",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251f28"
              }
            ],
            "repeated": 0,
            "id": 1375
          },
          {
            "timestamp": "2026-05-28 21:44:03,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251f28",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2438"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1376
          },
          {
            "timestamp": "2026-05-28 21:44:03,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25d3d4",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251f28"
              }
            ],
            "repeated": 0,
            "id": 1377
          },
          {
            "timestamp": "2026-05-28 21:44:03,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2679373b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1378
          },
          {
            "timestamp": "2026-05-28 21:44:03,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251f28",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2438"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1379
          },
          {
            "timestamp": "2026-05-28 21:44:03,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25d3d4",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251f28"
              }
            ],
            "repeated": 0,
            "id": 1380
          },
          {
            "timestamp": "2026-05-28 21:44:03,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2679373e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1381
          },
          {
            "timestamp": "2026-05-28 21:44:03,150",
            "thread_id": "14212",
            "caller": "0x7ff729a0a3ae",
            "parentcaller": "0x7ff729a04106",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793741000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1382
          },
          {
            "timestamp": "2026-05-28 21:44:03,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251f28",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2438"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1383
          },
          {
            "timestamp": "2026-05-28 21:44:03,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25d3d4",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251f28"
              }
            ],
            "repeated": 0,
            "id": 1384
          },
          {
            "timestamp": "2026-05-28 21:44:03,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251f38",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2439"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1385
          },
          {
            "timestamp": "2026-05-28 21:44:03,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25d778",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251f38"
              }
            ],
            "repeated": 0,
            "id": 1386
          },
          {
            "timestamp": "2026-05-28 21:44:03,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251fa8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2565"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1387
          },
          {
            "timestamp": "2026-05-28 21:44:03,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25df94",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251fa8"
              }
            ],
            "repeated": 0,
            "id": 1388
          },
          {
            "timestamp": "2026-05-28 21:44:03,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251fa8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2565"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1389
          },
          {
            "timestamp": "2026-05-28 21:44:03,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25df94",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251fa8"
              }
            ],
            "repeated": 0,
            "id": 1390
          },
          {
            "timestamp": "2026-05-28 21:44:03,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793744000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1391
          },
          {
            "timestamp": "2026-05-28 21:44:03,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251e88",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2326"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1392
          },
          {
            "timestamp": "2026-05-28 21:44:03,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25c4a0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251e88"
              }
            ],
            "repeated": 0,
            "id": 1393
          },
          {
            "timestamp": "2026-05-28 21:44:03,150",
            "thread_id": "14212",
            "caller": "0x7ff729a0a4af",
            "parentcaller": "0x7ff729a04106",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793747000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1394
          },
          {
            "timestamp": "2026-05-28 21:44:03,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2679374a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1395
          },
          {
            "timestamp": "2026-05-28 21:44:03,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2679374c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1396
          },
          {
            "timestamp": "2026-05-28 21:44:03,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793751000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1397
          },
          {
            "timestamp": "2026-05-28 21:44:03,150",
            "thread_id": "14212",
            "caller": "0x7ff729a0a46e",
            "parentcaller": "0x7ff729a04106",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2679375a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1398
          },
          {
            "timestamp": "2026-05-28 21:44:03,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2679375d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1399
          },
          {
            "timestamp": "2026-05-28 21:44:03,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793766000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1400
          },
          {
            "timestamp": "2026-05-28 21:44:03,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793768000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1401
          },
          {
            "timestamp": "2026-05-28 21:44:03,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2679376d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1402
          },
          {
            "timestamp": "2026-05-28 21:44:03,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 1,
            "id": 1403
          },
          {
            "timestamp": "2026-05-28 21:44:03,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678d832000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1404
          },
          {
            "timestamp": "2026-05-28 21:44:03,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 5,
            "id": 1405
          },
          {
            "timestamp": "2026-05-28 21:44:03,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000029"
              },
              {
                "name": "uiParam",
                "value": "0x000001f8"
              }
            ],
            "repeated": 0,
            "id": 1406
          },
          {
            "timestamp": "2026-05-28 21:44:03,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793776000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1407
          },
          {
            "timestamp": "2026-05-28 21:44:03,150",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#31222"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1408
          },
          {
            "timestamp": "2026-05-28 21:44:03,150",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000038"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 3,
            "id": 1409
          },
          {
            "timestamp": "2026-05-28 21:44:05,072",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a11b61",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\wtsapi32"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27460000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffc274628c0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1410
          },
          {
            "timestamp": "2026-05-28 21:44:05,072",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a11b61",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff729b0c000"
              },
              {
                "name": "ModuleName",
                "value": "taskmgr.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1411
          },
          {
            "timestamp": "2026-05-28 21:44:05,072",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a11b61",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff729b0c000"
              },
              {
                "name": "ModuleName",
                "value": "taskmgr.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1412
          },
          {
            "timestamp": "2026-05-28 21:44:05,072",
            "thread_id": "10832",
            "caller": "0x7ff729a0ea27",
            "parentcaller": "0x7ff7299eae2b",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 1413
          },
          {
            "timestamp": "2026-05-28 21:44:05,072",
            "thread_id": "10832",
            "caller": "0x7ff729a0ea27",
            "parentcaller": "0x7ff7299eae2b",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "WINSTA.dll"
              }
            ],
            "repeated": 0,
            "id": 1414
          },
          {
            "timestamp": "2026-05-28 21:44:05,072",
            "thread_id": "10832",
            "caller": "0x7ff729a0ea27",
            "parentcaller": "0x7ff7299eae2b",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\winsta.dll"
              }
            ],
            "repeated": 0,
            "id": 1415
          },
          {
            "timestamp": "2026-05-28 21:44:05,072",
            "thread_id": "10832",
            "caller": "0x7ff729a0ea27",
            "parentcaller": "0x7ff7299eae2b",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000046c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\winsta.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1416
          },
          {
            "timestamp": "2026-05-28 21:44:05,072",
            "thread_id": "10832",
            "caller": "0x7ff729a0ea27",
            "parentcaller": "0x7ff7299eae2b",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000474"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x0000046c"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\winsta.dll"
              }
            ],
            "repeated": 0,
            "id": 1417
          },
          {
            "timestamp": "2026-05-28 21:44:05,072",
            "thread_id": "10832",
            "caller": "0x7ff729a0ea27",
            "parentcaller": "0x7ff7299eae2b",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000474"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2a500000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0005b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1418
          },
          {
            "timestamp": "2026-05-28 21:44:05,072",
            "thread_id": "10832",
            "caller": "0x7ff729a0ea27",
            "parentcaller": "0x7ff7299eae2b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2a558000"
              },
              {
                "name": "ModuleName",
                "value": "WINSTA.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1419
          },
          {
            "timestamp": "2026-05-28 21:44:05,072",
            "thread_id": "10832",
            "caller": "0x7ff729a0ea27",
            "parentcaller": "0x7ff7299eae2b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2a53a000"
              },
              {
                "name": "ModuleName",
                "value": "WINSTA.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1420
          },
          {
            "timestamp": "2026-05-28 21:44:05,072",
            "thread_id": "10832",
            "caller": "0x7ff729a0ea27",
            "parentcaller": "0x7ff7299eae2b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2a53a000"
              },
              {
                "name": "ModuleName",
                "value": "WINSTA.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1421
          },
          {
            "timestamp": "2026-05-28 21:44:05,072",
            "thread_id": "10832",
            "caller": "0x7ff729a0ea27",
            "parentcaller": "0x7ff7299eae2b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2a53a000"
              },
              {
                "name": "ModuleName",
                "value": "WINSTA.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1422
          },
          {
            "timestamp": "2026-05-28 21:44:05,072",
            "thread_id": "10832",
            "caller": "0x7ff729a0ea27",
            "parentcaller": "0x7ff7299eae2b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2a53a000"
              },
              {
                "name": "ModuleName",
                "value": "WINSTA.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1423
          },
          {
            "timestamp": "2026-05-28 21:44:05,072",
            "thread_id": "10832",
            "caller": "0x7ff729a0ea27",
            "parentcaller": "0x7ff7299eae2b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2a539000"
              },
              {
                "name": "ModuleName",
                "value": "WINSTA.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1424
          },
          {
            "timestamp": "2026-05-28 21:44:05,072",
            "thread_id": "10832",
            "caller": "0x7ff729a0ea27",
            "parentcaller": "0x7ff7299eae2b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              }
            ],
            "repeated": 0,
            "id": 1425
          },
          {
            "timestamp": "2026-05-28 21:44:05,072",
            "thread_id": "10832",
            "caller": "0x7ff729a0ea27",
            "parentcaller": "0x7ff7299eae2b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046c"
              }
            ],
            "repeated": 0,
            "id": 1426
          },
          {
            "timestamp": "2026-05-28 21:44:05,072",
            "thread_id": "10832",
            "caller": "0x7ff729a0ea27",
            "parentcaller": "0x7ff7299eae2b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2a539000"
              },
              {
                "name": "ModuleName",
                "value": "WINSTA.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1427
          },
          {
            "timestamp": "2026-05-28 21:44:05,072",
            "thread_id": "10832",
            "caller": "0x7ff729a0ea27",
            "parentcaller": "0x7ff7299eae2b",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\WINSTA"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a500000"
              }
            ],
            "repeated": 0,
            "id": 1428
          },
          {
            "timestamp": "2026-05-28 21:44:05,072",
            "thread_id": "12948",
            "caller": "0x7ffc2d14eb32",
            "parentcaller": "0x7ffc2d1077c3",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000038"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1429
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "10832",
            "caller": "0x7ff729a0ea27",
            "parentcaller": "0x7ff7299eae2b",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\winsta"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2a500000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffc2a50b910"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1430
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "10832",
            "caller": "0x7ff729a0ea27",
            "parentcaller": "0x7ff7299eae2b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27471000"
              },
              {
                "name": "ModuleName",
                "value": "WTSAPI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1431
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "10832",
            "caller": "0x7ff729a0ea27",
            "parentcaller": "0x7ff7299eae2b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27471000"
              },
              {
                "name": "ModuleName",
                "value": "WTSAPI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1432
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "10832",
            "caller": "0x7ff729a0ea27",
            "parentcaller": "0x7ff7299eae2b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2a558000"
              },
              {
                "name": "ModuleName",
                "value": "WINSTA.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1433
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "10832",
            "caller": "0x7ff729a0ea27",
            "parentcaller": "0x7ff7299eae2b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2a558000"
              },
              {
                "name": "ModuleName",
                "value": "WINSTA.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1434
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "10832",
            "caller": "0x7ff729a0ea27",
            "parentcaller": "0x7ff7299eae2b",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2d0f0000"
              }
            ],
            "repeated": 0,
            "id": 1435
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "10832",
            "caller": "0x7ff729a0ea27",
            "parentcaller": "0x7ff7299eae2b",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc2d0f0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "ntdll.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 1436
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "10832",
            "caller": "0x7ff729a0ea27",
            "parentcaller": "0x7ff7299eae2b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlGetSuiteMask"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d12cc10"
              }
            ],
            "repeated": 0,
            "id": 1437
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "10832",
            "caller": "0x7ff729a0ea27",
            "parentcaller": "0x7ff7299eae2b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2a558000"
              },
              {
                "name": "ModuleName",
                "value": "WINSTA.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1438
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "10832",
            "caller": "0x7ff729a0ea27",
            "parentcaller": "0x7ff7299eae2b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2a558000"
              },
              {
                "name": "ModuleName",
                "value": "WINSTA.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1439
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "10832",
            "caller": "0x7ff729a0ea27",
            "parentcaller": "0x7ff7299eae2b",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000474"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1440
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "10832",
            "caller": "0x7ff729a0ea27",
            "parentcaller": "0x7ff7299eae2b",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "EventName",
                "value": "Global\\TermSrvReadyEvent"
              }
            ],
            "repeated": 0,
            "id": 1441
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "10832",
            "caller": "0x7ff729a0ea27",
            "parentcaller": "0x7ff7299eae2b",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1442
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "10832",
            "caller": "0x7ff729a0ea27",
            "parentcaller": "0x7ff7299eae2b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1443
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 1444
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "WindowsCodecs.dll"
              }
            ],
            "repeated": 0,
            "id": 1445
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\WindowsCodecs.dll"
              }
            ],
            "repeated": 0,
            "id": 1446
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000480"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\WindowsCodecs.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1447
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000484"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000480"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\WindowsCodecs.dll"
              }
            ],
            "repeated": 0,
            "id": 1448
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000484"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc25c40000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x001b4000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1449
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc25dec000"
              },
              {
                "name": "ModuleName",
                "value": "WindowsCodecs.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1450
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc25da0000"
              },
              {
                "name": "ModuleName",
                "value": "WindowsCodecs.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1451
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc25da0000"
              },
              {
                "name": "ModuleName",
                "value": "WindowsCodecs.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1452
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc25da0000"
              },
              {
                "name": "ModuleName",
                "value": "WindowsCodecs.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1453
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc25da0000"
              },
              {
                "name": "ModuleName",
                "value": "WindowsCodecs.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1454
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc25da0000"
              },
              {
                "name": "ModuleName",
                "value": "WindowsCodecs.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1455
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000484"
              }
            ],
            "repeated": 0,
            "id": 1456
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 1457
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc25da0000"
              },
              {
                "name": "ModuleName",
                "value": "WindowsCodecs.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1458
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "35"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\r\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\\x8c\\x90\\x8dg\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xa3\\x90\\x8dg\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xaa\\x90\\x8dg\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\x8c\\x90\\x8dg\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xa5\\x90\\x8dg\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1459
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\WindowsCodecs"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc25c40000"
              }
            ],
            "repeated": 0,
            "id": 1460
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "13188",
            "caller": "0x7ffc2d16507d",
            "parentcaller": "0x7ffc2d164c43",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1461
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "13188",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff7299e3a10"
              },
              {
                "name": "Parameter",
                "value": "0x267936e7ee0"
              }
            ],
            "repeated": 0,
            "id": 1462
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "13188",
            "caller": "0x7ff7299e5d5f",
            "parentcaller": "0x7ff7299e3a61",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000484"
              }
            ],
            "repeated": 0,
            "id": 1463
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "13188",
            "caller": "0x7ff7299e5d5f",
            "parentcaller": "0x7ff7299e3a61",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              }
            ],
            "repeated": 0,
            "id": 1464
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "13188",
            "caller": "0x7ff7299e3c77",
            "parentcaller": "0x7ff7299e3c07",
            "category": "system",
            "api": "CreateTimerQueueTimer",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "phNewTimer",
                "value": "0x2678d9932c0"
              },
              {
                "name": "TimerQueue",
                "value": "0x00000000"
              },
              {
                "name": "Callback",
                "value": "0x29a44c70"
              },
              {
                "name": "Parameter",
                "value": "0x1957fe70"
              },
              {
                "name": "DueTime",
                "value": "5000"
              },
              {
                "name": "Period",
                "value": "1000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1465
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "10832",
            "caller": "0x7ff729a0ea27",
            "parentcaller": "0x7ff7299eae2b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1466
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "10832",
            "caller": "0x7ff729a0ea27",
            "parentcaller": "0x7ff7299eae2b",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 1467
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "10832",
            "caller": "0x7ff729a0ea27",
            "parentcaller": "0x7ff7299eae2b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1468
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "10832",
            "caller": "0x7ff729a0ea27",
            "parentcaller": "0x7ff7299eae2b",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 1469
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "10832",
            "caller": "0x7ff729a0ea27",
            "parentcaller": "0x7ff7299eae2b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1470
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "10832",
            "caller": "0x7ff729a0ea27",
            "parentcaller": "0x7ff7299eae2b",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 1471
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "10832",
            "caller": "0x7ff729a0ea27",
            "parentcaller": "0x7ff7299eae2b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1472
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "10832",
            "caller": "0x7ff729a0ea27",
            "parentcaller": "0x7ff7299eae2b",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 1473
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "10832",
            "caller": "0x7ff7299e747a",
            "parentcaller": "0x7ff7299e6ac3",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000048c"
              }
            ],
            "repeated": 0,
            "id": 1474
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "10832",
            "caller": "0x7ff7299e747a",
            "parentcaller": "0x7ff7299e6ac3",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "12"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1475
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "10832",
            "caller": "0x7ff7299e747a",
            "parentcaller": "0x7ff7299e6ac3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              }
            ],
            "repeated": 0,
            "id": 1476
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "10832",
            "caller": "0x7ff7299e747a",
            "parentcaller": "0x7ff7299e6ac3",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "EventName",
                "value": "Global\\TermSrvReadyEvent"
              }
            ],
            "repeated": 0,
            "id": 1477
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "10832",
            "caller": "0x7ff7299e747a",
            "parentcaller": "0x7ff7299e6ac3",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1478
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "10832",
            "caller": "0x7ff7299e747a",
            "parentcaller": "0x7ff7299e6ac3",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1479
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "10832",
            "caller": "0x7ff7299e747a",
            "parentcaller": "0x7ff7299e6ac3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              }
            ],
            "repeated": 0,
            "id": 1480
          },
          {
            "timestamp": "2026-05-28 21:44:07,463",
            "thread_id": "10832",
            "caller": "0x7ff7299e747a",
            "parentcaller": "0x7ff7299e6ac3",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1481
          },
          {
            "timestamp": "2026-05-28 21:44:07,635",
            "thread_id": "10832",
            "caller": "0x7ff7299e737a",
            "parentcaller": "0x7ff7299e6adb",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000048c"
              }
            ],
            "repeated": 0,
            "id": 1482
          },
          {
            "timestamp": "2026-05-28 21:44:07,635",
            "thread_id": "10832",
            "caller": "0x7ff7299e737a",
            "parentcaller": "0x7ff7299e6adb",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "12"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1483
          },
          {
            "timestamp": "2026-05-28 21:44:07,635",
            "thread_id": "10832",
            "caller": "0x7ff7299e737a",
            "parentcaller": "0x7ff7299e6adb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              }
            ],
            "repeated": 0,
            "id": 1484
          },
          {
            "timestamp": "2026-05-28 21:44:07,635",
            "thread_id": "10832",
            "caller": "0x7ff7299e737a",
            "parentcaller": "0x7ff7299e6adb",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 2,
            "id": 1485
          },
          {
            "timestamp": "2026-05-28 21:44:07,635",
            "thread_id": "10832",
            "caller": "0x7ff7299e737a",
            "parentcaller": "0x7ff7299e6adb",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1486
          },
          {
            "timestamp": "2026-05-28 21:44:07,635",
            "thread_id": "10832",
            "caller": "0x7ff7299e72a3",
            "parentcaller": "0x7ff7299e6af5",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000048c"
              }
            ],
            "repeated": 0,
            "id": 1487
          },
          {
            "timestamp": "2026-05-28 21:44:07,635",
            "thread_id": "10832",
            "caller": "0x7ff7299e72a3",
            "parentcaller": "0x7ff7299e6af5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "12"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1488
          },
          {
            "timestamp": "2026-05-28 21:44:07,635",
            "thread_id": "10832",
            "caller": "0x7ff7299e72a3",
            "parentcaller": "0x7ff7299e6af5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              }
            ],
            "repeated": 0,
            "id": 1489
          },
          {
            "timestamp": "2026-05-28 21:44:07,635",
            "thread_id": "10832",
            "caller": "0x7ff7299e72a3",
            "parentcaller": "0x7ff7299e6af5",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 2,
            "id": 1490
          },
          {
            "timestamp": "2026-05-28 21:44:07,635",
            "thread_id": "10832",
            "caller": "0x7ff7299e72a3",
            "parentcaller": "0x7ff7299e6af5",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1491
          },
          {
            "timestamp": "2026-05-28 21:44:07,635",
            "thread_id": "10832",
            "caller": "0x7ff7299e70f6",
            "parentcaller": "0x7ff7299e6b0a",
            "category": "misc",
            "api": "GetComputerNameW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ComputerName",
                "value": "JOHNS-PC"
              }
            ],
            "repeated": 0,
            "id": 1492
          },
          {
            "timestamp": "2026-05-28 21:44:07,635",
            "thread_id": "10832",
            "caller": "0x7ff7299e702a",
            "parentcaller": "0x7ff7299e6b22",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000048c"
              }
            ],
            "repeated": 0,
            "id": 1493
          },
          {
            "timestamp": "2026-05-28 21:44:07,635",
            "thread_id": "10832",
            "caller": "0x7ff7299e702a",
            "parentcaller": "0x7ff7299e6b22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "12"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1494
          },
          {
            "timestamp": "2026-05-28 21:44:07,635",
            "thread_id": "10832",
            "caller": "0x7ff7299e702a",
            "parentcaller": "0x7ff7299e6b22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              }
            ],
            "repeated": 0,
            "id": 1495
          },
          {
            "timestamp": "2026-05-28 21:44:07,635",
            "thread_id": "10832",
            "caller": "0x7ff7299e702a",
            "parentcaller": "0x7ff7299e6b22",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 1,
            "id": 1496
          },
          {
            "timestamp": "2026-05-28 21:44:07,635",
            "thread_id": "10832",
            "caller": "0x7ff7299e702a",
            "parentcaller": "0x7ff7299e6b22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1497
          },
          {
            "timestamp": "2026-05-28 21:44:07,635",
            "thread_id": "10832",
            "caller": "0x7ff7299e702a",
            "parentcaller": "0x7ff7299e6b22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 1498
          },
          {
            "timestamp": "2026-05-28 21:44:07,635",
            "thread_id": "10832",
            "caller": "0x7ff7299e702a",
            "parentcaller": "0x7ff7299e6b22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1499
          },
          {
            "timestamp": "2026-05-28 21:44:07,635",
            "thread_id": "10832",
            "caller": "0x7ff7299e702a",
            "parentcaller": "0x7ff7299e6b22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 1500
          },
          {
            "timestamp": "2026-05-28 21:44:07,635",
            "thread_id": "10832",
            "caller": "0x7ff7299e702a",
            "parentcaller": "0x7ff7299e6b22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1501
          },
          {
            "timestamp": "2026-05-28 21:44:07,635",
            "thread_id": "10832",
            "caller": "0x7ff7299e702a",
            "parentcaller": "0x7ff7299e6b22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 1502
          },
          {
            "timestamp": "2026-05-28 21:44:07,635",
            "thread_id": "10832",
            "caller": "0x7ff7299e702a",
            "parentcaller": "0x7ff7299e6b22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1503
          },
          {
            "timestamp": "2026-05-28 21:44:07,635",
            "thread_id": "10832",
            "caller": "0x7ff7299e702a",
            "parentcaller": "0x7ff7299e6b22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 1504
          },
          {
            "timestamp": "2026-05-28 21:44:07,635",
            "thread_id": "10832",
            "caller": "0x7ff7299e6f26",
            "parentcaller": "0x7ff7299e6b30",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000048c"
              }
            ],
            "repeated": 0,
            "id": 1505
          },
          {
            "timestamp": "2026-05-28 21:44:07,635",
            "thread_id": "10832",
            "caller": "0x7ff7299e6f26",
            "parentcaller": "0x7ff7299e6b30",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "12"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1506
          },
          {
            "timestamp": "2026-05-28 21:44:07,635",
            "thread_id": "10832",
            "caller": "0x7ff7299e6f26",
            "parentcaller": "0x7ff7299e6b30",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              }
            ],
            "repeated": 0,
            "id": 1507
          },
          {
            "timestamp": "2026-05-28 21:44:07,635",
            "thread_id": "10832",
            "caller": "0x7ff7299e6f26",
            "parentcaller": "0x7ff7299e6b30",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 2,
            "id": 1508
          },
          {
            "timestamp": "2026-05-28 21:44:07,635",
            "thread_id": "10832",
            "caller": "0x7ff7299e6f26",
            "parentcaller": "0x7ff7299e6b30",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 1509
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\WindowsCodecs"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc25c40000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffc25cb6a50"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1510
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1c959000"
              },
              {
                "name": "ModuleName",
                "value": "DUI70.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1511
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1c959000"
              },
              {
                "name": "ModuleName",
                "value": "DUI70.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1512
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#31222"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1513
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "PNGFILE"
              },
              {
                "name": "Name",
                "value": "#31222"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1514
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f4618e8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "PNG"
              },
              {
                "name": "Name",
                "value": "#31222"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1515
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f4b6d38",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f4618e8"
              }
            ],
            "repeated": 0,
            "id": 1516
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x000003b6",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f4618e8"
              }
            ],
            "repeated": 0,
            "id": 1517
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793455000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1518
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793456000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1519
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0xfffffffc"
              }
            ],
            "repeated": 0,
            "id": 1520
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{7ED96837-96F0-4812-B211-F13C24117ED3}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{7ED96837-96F0-4812-B211-F13C24117ED3}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 1521
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "{41945702-8302-44A6-9445-AC98E8AFA086}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7ED96837-96F0-4812-B211-F13C24117ED3}\\Instance\\{41945702-8302-44A6-9445-AC98E8AFA086}"
              }
            ],
            "repeated": 0,
            "id": 1522
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "{41945702-8302-44A6-9445-AC98E8AFA086}"
              },
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7ED96837-96F0-4812-B211-F13C24117ED3}\\Instance\\{41945702-8302-44A6-9445-AC98E8AFA086}"
              }
            ],
            "repeated": 0,
            "id": 1523
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "ValueName",
                "value": "CLSID"
              },
              {
                "name": "Data",
                "value": "{41945702-8302-44A6-9445-AC98E8AFA086}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7ED96837-96F0-4812-B211-F13C24117ED3}\\Instance\\{41945702-8302-44A6-9445-AC98E8AFA086}\\CLSID"
              }
            ],
            "repeated": 0,
            "id": 1524
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}"
              },
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}"
              }
            ],
            "repeated": 0,
            "id": 1525
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Author"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Author"
              }
            ],
            "repeated": 0,
            "id": 1526
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Author"
              },
              {
                "name": "Data",
                "value": "Microsoft Corporation"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Author"
              }
            ],
            "repeated": 0,
            "id": 1527
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "FriendlyName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\FriendlyName"
              }
            ],
            "repeated": 0,
            "id": 1528
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "FriendlyName"
              },
              {
                "name": "Data",
                "value": "Microsoft Raw Image Decoder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\FriendlyName"
              }
            ],
            "repeated": 0,
            "id": 1529
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Version"
              }
            ],
            "repeated": 0,
            "id": 1530
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "Data",
                "value": "10.0.19041.3636"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Version"
              }
            ],
            "repeated": 0,
            "id": 1531
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "SpecVersion"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\SpecVersion"
              }
            ],
            "repeated": 0,
            "id": 1532
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "SpecVersion"
              },
              {
                "name": "Data",
                "value": "1.0.0.0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\SpecVersion"
              }
            ],
            "repeated": 0,
            "id": 1533
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Vendor"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Vendor"
              }
            ],
            "repeated": 0,
            "id": 1534
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Vendor"
              },
              {
                "name": "Data",
                "value": "{F0E749CA-EDEF-4589-A73A-EE0E626A2A2B}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Vendor"
              }
            ],
            "repeated": 0,
            "id": 1535
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000492"
              },
              {
                "name": "SubKey",
                "value": "InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 1536
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1537
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\MSRAWImage.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1538
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              }
            ],
            "repeated": 0,
            "id": 1539
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "ContainerFormat"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\ContainerFormat"
              }
            ],
            "repeated": 0,
            "id": 1540
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "ContainerFormat"
              },
              {
                "name": "Data",
                "value": "{FE99CE60-F19C-433C-A3AE-00ACEFA9CA21}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\ContainerFormat"
              }
            ],
            "repeated": 0,
            "id": 1541
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "DeviceManufacturer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\DeviceManufacturer"
              }
            ],
            "repeated": 0,
            "id": 1542
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "DeviceModels"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\DeviceModels"
              }
            ],
            "repeated": 0,
            "id": 1543
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "ColorManagementVersion"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\ColorManagementVersion"
              }
            ],
            "repeated": 0,
            "id": 1544
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "ColorManagementVersion"
              },
              {
                "name": "Data",
                "value": "1.0.0.0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\ColorManagementVersion"
              }
            ],
            "repeated": 0,
            "id": 1545
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "MimeTypes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\MimeTypes"
              }
            ],
            "repeated": 0,
            "id": 1546
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "MimeTypes"
              },
              {
                "name": "Data",
                "value": "image/3FR,image/ARI,image/ARW,image/BAY,image/CAP,image/CR2,image/CR3,image/CRW,image/DCS,image/DCR,image/DRF,image/EIP,image/ERF,image/FFF,image/IIQ,image/K25,image/KDC,image/MEF,image/MOS,image/MRW,image/NEF,image/NRW,image/ORF,image/ORI,image/PEF,image/"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\MimeTypes"
              }
            ],
            "repeated": 0,
            "id": 1547
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "FileExtensions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\FileExtensions"
              }
            ],
            "repeated": 0,
            "id": 1548
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "FileExtensions"
              },
              {
                "name": "Data",
                "value": ".3FR,.ARI,.ARW,.BAY,.CAP,.CR2,.CR3,.CRW,.DCS,.DCR,.DRF,.EIP,.ERF,.FFF,.IIQ,.K25,.KDC,.MEF,.MOS,.MRW,.NEF,.NRW,.ORF,.ORI,.PEF,.PTX,.PXN,.RAF,.RAW,.RW2,.RWL,.SR2,.SRF,.SRW,.X3F,.DNG"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\FileExtensions"
              }
            ],
            "repeated": 0,
            "id": 1549
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "SupportAnimation"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\SupportAnimation"
              }
            ],
            "repeated": 0,
            "id": 1550
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "SupportChromakey"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\SupportChromakey"
              }
            ],
            "repeated": 0,
            "id": 1551
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "SupportLossless"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\SupportLossless"
              }
            ],
            "repeated": 0,
            "id": 1552
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "SupportMultiframe"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\SupportMultiframe"
              }
            ],
            "repeated": 0,
            "id": 1553
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "ArbitrationPriority"
              },
              {
                "name": "Data",
                "value": "10"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\ArbitrationPriority"
              }
            ],
            "repeated": 0,
            "id": 1554
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000492"
              },
              {
                "name": "SubKey",
                "value": "Formats"
              },
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Formats"
              }
            ],
            "repeated": 0,
            "id": 1555
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "{6FDDC324-4E03-4BFE-B185-3D77768DC90D}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Formats\\{6FDDC324-4E03-4BFE-B185-3D77768DC90D}"
              }
            ],
            "repeated": 0,
            "id": 1556
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Formats\\"
              }
            ],
            "repeated": 0,
            "id": 1557
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              }
            ],
            "repeated": 0,
            "id": 1558
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000492"
              },
              {
                "name": "SubKey",
                "value": "Patterns"
              },
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns"
              }
            ],
            "repeated": 0,
            "id": 1559
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "0"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0"
              }
            ],
            "repeated": 0,
            "id": 1560
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "0"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0"
              }
            ],
            "repeated": 0,
            "id": 1561
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1562
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1563
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": "1"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1"
              }
            ],
            "repeated": 0,
            "id": 1564
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "1"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1"
              }
            ],
            "repeated": 0,
            "id": 1565
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1566
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1567
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "Name",
                "value": "10"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10"
              }
            ],
            "repeated": 0,
            "id": 1568
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "10"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10"
              }
            ],
            "repeated": 0,
            "id": 1569
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1570
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1571
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "3"
              },
              {
                "name": "Name",
                "value": "11"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11"
              }
            ],
            "repeated": 0,
            "id": 1572
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "11"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11"
              }
            ],
            "repeated": 0,
            "id": 1573
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1574
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1575
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "4"
              },
              {
                "name": "Name",
                "value": "12"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12"
              }
            ],
            "repeated": 0,
            "id": 1576
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "12"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12"
              }
            ],
            "repeated": 0,
            "id": 1577
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1578
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1579
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "5"
              },
              {
                "name": "Name",
                "value": "13"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13"
              }
            ],
            "repeated": 0,
            "id": 1580
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "13"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13"
              }
            ],
            "repeated": 0,
            "id": 1581
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1582
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1583
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "6"
              },
              {
                "name": "Name",
                "value": "14"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14"
              }
            ],
            "repeated": 0,
            "id": 1584
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "14"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14"
              }
            ],
            "repeated": 0,
            "id": 1585
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1586
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1587
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "7"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2"
              }
            ],
            "repeated": 0,
            "id": 1588
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "2"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2"
              }
            ],
            "repeated": 0,
            "id": 1589
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1590
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1591
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "8"
              },
              {
                "name": "Name",
                "value": "3"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3"
              }
            ],
            "repeated": 0,
            "id": 1592
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "3"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3"
              }
            ],
            "repeated": 0,
            "id": 1593
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1594
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1595
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "9"
              },
              {
                "name": "Name",
                "value": "4"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4"
              }
            ],
            "repeated": 0,
            "id": 1596
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "4"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4"
              }
            ],
            "repeated": 0,
            "id": 1597
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1598
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1599
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "10"
              },
              {
                "name": "Name",
                "value": "5"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5"
              }
            ],
            "repeated": 0,
            "id": 1600
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "5"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5"
              }
            ],
            "repeated": 0,
            "id": 1601
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1602
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1603
          },
          {
            "timestamp": "2026-05-28 21:44:10,963",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "11"
              },
              {
                "name": "Name",
                "value": "6"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6"
              }
            ],
            "repeated": 0,
            "id": 1604
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "6"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6"
              }
            ],
            "repeated": 0,
            "id": 1605
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1606
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1607
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "12"
              },
              {
                "name": "Name",
                "value": "7"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7"
              }
            ],
            "repeated": 0,
            "id": 1608
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "7"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7"
              }
            ],
            "repeated": 0,
            "id": 1609
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1610
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1611
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "13"
              },
              {
                "name": "Name",
                "value": "8"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8"
              }
            ],
            "repeated": 0,
            "id": 1612
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "8"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8"
              }
            ],
            "repeated": 0,
            "id": 1613
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1614
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1615
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "14"
              },
              {
                "name": "Name",
                "value": "9"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9"
              }
            ],
            "repeated": 0,
            "id": 1616
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "9"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9"
              }
            ],
            "repeated": 0,
            "id": 1617
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1618
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1619
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "15"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\"
              }
            ],
            "repeated": 0,
            "id": 1620
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793459000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1621
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "0"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0"
              }
            ],
            "repeated": 0,
            "id": 1622
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "0"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0"
              }
            ],
            "repeated": 0,
            "id": 1623
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0\\Position"
              }
            ],
            "repeated": 0,
            "id": 1624
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 1625
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "MM\\x00*"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1626
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1627
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1628
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1629
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": "1"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1"
              }
            ],
            "repeated": 0,
            "id": 1630
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "1"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1"
              }
            ],
            "repeated": 0,
            "id": 1631
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1\\Position"
              }
            ],
            "repeated": 0,
            "id": 1632
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 1633
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "II*\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1634
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1635
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1636
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1637
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "Name",
                "value": "10"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10"
              }
            ],
            "repeated": 0,
            "id": 1638
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "10"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10"
              }
            ],
            "repeated": 0,
            "id": 1639
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10\\Position"
              }
            ],
            "repeated": 0,
            "id": 1640
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 1641
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "MMMMRaw\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1642
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1643
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1644
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1645
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "3"
              },
              {
                "name": "Name",
                "value": "11"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11"
              }
            ],
            "repeated": 0,
            "id": 1646
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "11"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11"
              }
            ],
            "repeated": 0,
            "id": 1647
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11\\Position"
              }
            ],
            "repeated": 0,
            "id": 1648
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 1649
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "IIU\\x00\\x08\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1650
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1651
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1652
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1653
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "4"
              },
              {
                "name": "Name",
                "value": "12"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12"
              }
            ],
            "repeated": 0,
            "id": 1654
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "12"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12"
              }
            ],
            "repeated": 0,
            "id": 1655
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12\\Position"
              }
            ],
            "repeated": 0,
            "id": 1656
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 1657
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "IIU\\x00\\x18\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1658
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1659
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1660
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1661
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "5"
              },
              {
                "name": "Name",
                "value": "13"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13"
              }
            ],
            "repeated": 0,
            "id": 1662
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "13"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13"
              }
            ],
            "repeated": 0,
            "id": 1663
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13\\Position"
              }
            ],
            "repeated": 0,
            "id": 1664
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 1665
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "FOVb"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1666
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1667
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1668
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1669
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "6"
              },
              {
                "name": "Name",
                "value": "14"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14"
              }
            ],
            "repeated": 0,
            "id": 1670
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "14"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14"
              }
            ],
            "repeated": 0,
            "id": 1671
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14\\Position"
              }
            ],
            "repeated": 0,
            "id": 1672
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 1673
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "ftypcrx "
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1674
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1675
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1676
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1677
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "7"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2"
              }
            ],
            "repeated": 0,
            "id": 1678
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "2"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2"
              }
            ],
            "repeated": 0,
            "id": 1679
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2\\Position"
              }
            ],
            "repeated": 0,
            "id": 1680
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 1681
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "IIRO"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1682
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1683
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1684
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1685
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "8"
              },
              {
                "name": "Name",
                "value": "3"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3"
              }
            ],
            "repeated": 0,
            "id": 1686
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "3"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3"
              }
            ],
            "repeated": 0,
            "id": 1687
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3\\Position"
              }
            ],
            "repeated": 0,
            "id": 1688
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 1689
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "IIRS"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1690
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1691
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1692
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1693
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "9"
              },
              {
                "name": "Name",
                "value": "4"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4"
              }
            ],
            "repeated": 0,
            "id": 1694
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "4"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4"
              }
            ],
            "repeated": 0,
            "id": 1695
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4\\Position"
              }
            ],
            "repeated": 0,
            "id": 1696
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 1697
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "MMOR"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1698
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1699
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1700
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1701
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "10"
              },
              {
                "name": "Name",
                "value": "5"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5"
              }
            ],
            "repeated": 0,
            "id": 1702
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "5"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5"
              }
            ],
            "repeated": 0,
            "id": 1703
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5\\Position"
              }
            ],
            "repeated": 0,
            "id": 1704
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 1705
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "MMSR"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1706
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1707
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1708
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1709
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "11"
              },
              {
                "name": "Name",
                "value": "6"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6"
              }
            ],
            "repeated": 0,
            "id": 1710
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "6"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6"
              }
            ],
            "repeated": 0,
            "id": 1711
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6\\Position"
              }
            ],
            "repeated": 0,
            "id": 1712
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 1713
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "II\\x1a\\x00\\x00\\x00HE"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1714
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1715
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1716
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1717
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "12"
              },
              {
                "name": "Name",
                "value": "7"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7"
              }
            ],
            "repeated": 0,
            "id": 1718
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "7"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7"
              }
            ],
            "repeated": 0,
            "id": 1719
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7\\Position"
              }
            ],
            "repeated": 0,
            "id": 1720
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 1721
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "FUJIFILM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1722
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1723
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1724
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1725
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "13"
              },
              {
                "name": "Name",
                "value": "8"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8"
              }
            ],
            "repeated": 0,
            "id": 1726
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "8"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8"
              }
            ],
            "repeated": 0,
            "id": 1727
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8\\Position"
              }
            ],
            "repeated": 0,
            "id": 1728
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 1729
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "\\x00MRM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1730
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1731
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1732
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1733
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "14"
              },
              {
                "name": "Name",
                "value": "9"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9"
              }
            ],
            "repeated": 0,
            "id": 1734
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "9"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9"
              }
            ],
            "repeated": 0,
            "id": 1735
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9\\Position"
              }
            ],
            "repeated": 0,
            "id": 1736
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 1737
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "IIII\\x00waR"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1738
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1739
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1740
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1741
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "15"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\"
              }
            ],
            "repeated": 0,
            "id": 1742
          },
          {
            "timestamp": "2026-05-28 21:44:10,979",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              }
            ],
            "repeated": 0,
            "id": 1743
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              }
            ],
            "repeated": 0,
            "id": 1744
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              }
            ],
            "repeated": 0,
            "id": 1745
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": "{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7ED96837-96F0-4812-B211-F13C24117ED3}\\Instance\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}"
              }
            ],
            "repeated": 0,
            "id": 1746
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}"
              },
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7ED96837-96F0-4812-B211-F13C24117ED3}\\Instance\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}"
              }
            ],
            "repeated": 0,
            "id": 1747
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "ValueName",
                "value": "CLSID"
              },
              {
                "name": "Data",
                "value": "{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7ED96837-96F0-4812-B211-F13C24117ED3}\\Instance\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\CLSID"
              }
            ],
            "repeated": 0,
            "id": 1748
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}"
              },
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}"
              }
            ],
            "repeated": 0,
            "id": 1749
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Author"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Author"
              }
            ],
            "repeated": 0,
            "id": 1750
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Author"
              },
              {
                "name": "Data",
                "value": "Microsoft Corporation"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Author"
              }
            ],
            "repeated": 0,
            "id": 1751
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "FriendlyName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\FriendlyName"
              }
            ],
            "repeated": 0,
            "id": 1752
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "FriendlyName"
              },
              {
                "name": "Data",
                "value": "Microsoft Camera Raw Decoder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\FriendlyName"
              }
            ],
            "repeated": 0,
            "id": 1753
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Version"
              }
            ],
            "repeated": 0,
            "id": 1754
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "Data",
                "value": "10.0.19041.3636"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Version"
              }
            ],
            "repeated": 0,
            "id": 1755
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "SpecVersion"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\SpecVersion"
              }
            ],
            "repeated": 0,
            "id": 1756
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "SpecVersion"
              },
              {
                "name": "Data",
                "value": "1.0.0.0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\SpecVersion"
              }
            ],
            "repeated": 0,
            "id": 1757
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Vendor"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Vendor"
              }
            ],
            "repeated": 0,
            "id": 1758
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Vendor"
              },
              {
                "name": "Data",
                "value": "{F0E749CA-EDEF-4589-A73A-EE0E626A2A2B}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Vendor"
              }
            ],
            "repeated": 0,
            "id": 1759
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000492"
              },
              {
                "name": "SubKey",
                "value": "InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 1760
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1761
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\WindowsCodecsRaw.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1762
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              }
            ],
            "repeated": 0,
            "id": 1763
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "ContainerFormat"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\ContainerFormat"
              }
            ],
            "repeated": 0,
            "id": 1764
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "ContainerFormat"
              },
              {
                "name": "Data",
                "value": "{C1FC85CB-D64F-478B-A4EC-69ADC9EE1392}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\ContainerFormat"
              }
            ],
            "repeated": 0,
            "id": 1765
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "DeviceManufacturer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\DeviceManufacturer"
              }
            ],
            "repeated": 0,
            "id": 1766
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "DeviceModels"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\DeviceModels"
              }
            ],
            "repeated": 0,
            "id": 1767
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "ColorManagementVersion"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\ColorManagementVersion"
              }
            ],
            "repeated": 0,
            "id": 1768
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "ColorManagementVersion"
              },
              {
                "name": "Data",
                "value": "1.0.0.0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\ColorManagementVersion"
              }
            ],
            "repeated": 0,
            "id": 1769
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "MimeTypes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\MimeTypes"
              }
            ],
            "repeated": 0,
            "id": 1770
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "MimeTypes"
              },
              {
                "name": "Data",
                "value": "image/ARW,image/CR2,image/CRW,image/ERF,image/KDC,image/MRW,image/NEF,image/NRW,image/ORF,image/PEF,image/RAF,image/RAW,image/RW2,image/RWL,image/SR2,image/SRW,image/DNG"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\MimeTypes"
              }
            ],
            "repeated": 0,
            "id": 1771
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "FileExtensions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\FileExtensions"
              }
            ],
            "repeated": 0,
            "id": 1772
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "FileExtensions"
              },
              {
                "name": "Data",
                "value": ".ARW,.CR2,.CRW,.ERF,.KDC,.MRW,.NEF,.NRW,.ORF,.PEF,.RAF,.RAW,.RW2,.RWL,.SR2,.SRW,.DNG"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\FileExtensions"
              }
            ],
            "repeated": 0,
            "id": 1773
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "SupportAnimation"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\SupportAnimation"
              }
            ],
            "repeated": 0,
            "id": 1774
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "SupportChromakey"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\SupportChromakey"
              }
            ],
            "repeated": 0,
            "id": 1775
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "SupportLossless"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\SupportLossless"
              }
            ],
            "repeated": 0,
            "id": 1776
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "SupportMultiframe"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\SupportMultiframe"
              }
            ],
            "repeated": 0,
            "id": 1777
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "ArbitrationPriority"
              },
              {
                "name": "Data",
                "value": "9"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\ArbitrationPriority"
              }
            ],
            "repeated": 0,
            "id": 1778
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000492"
              },
              {
                "name": "SubKey",
                "value": "Formats"
              },
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Formats"
              }
            ],
            "repeated": 0,
            "id": 1779
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "{6FDDC324-4E03-4BFE-B185-3D77768DC90C}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Formats\\{6FDDC324-4E03-4BFE-B185-3D77768DC90C}"
              }
            ],
            "repeated": 0,
            "id": 1780
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": "{6FDDC324-4E03-4BFE-B185-3D77768DC90D}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Formats\\{6FDDC324-4E03-4BFE-B185-3D77768DC90D}"
              }
            ],
            "repeated": 0,
            "id": 1781
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "Name",
                "value": "{6FDDC324-4E03-4BFE-B185-3D77768DC90E}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Formats\\{6FDDC324-4E03-4BFE-B185-3D77768DC90E}"
              }
            ],
            "repeated": 0,
            "id": 1782
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "3"
              },
              {
                "name": "Name",
                "value": "{6FDDC324-4E03-4BFE-B185-3D77768DC90F}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Formats\\{6FDDC324-4E03-4BFE-B185-3D77768DC90F}"
              }
            ],
            "repeated": 0,
            "id": 1783
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "4"
              },
              {
                "name": "Name",
                "value": "{6FDDC324-4E03-4BFE-B185-3D77768DC910}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Formats\\{6FDDC324-4E03-4BFE-B185-3D77768DC910}"
              }
            ],
            "repeated": 0,
            "id": 1784
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "5"
              },
              {
                "name": "Name",
                "value": "{6FDDC324-4E03-4BFE-B185-3D77768DC915}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Formats\\{6FDDC324-4E03-4BFE-B185-3D77768DC915}"
              }
            ],
            "repeated": 0,
            "id": 1785
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "6"
              },
              {
                "name": "Name",
                "value": "{6FDDC324-4E03-4BFE-B185-3D77768DC916}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Formats\\{6FDDC324-4E03-4BFE-B185-3D77768DC916}"
              }
            ],
            "repeated": 0,
            "id": 1786
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "7"
              },
              {
                "name": "Name",
                "value": "{6FDDC324-4E03-4BFE-B185-3D77768DC917}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Formats\\{6FDDC324-4E03-4BFE-B185-3D77768DC917}"
              }
            ],
            "repeated": 0,
            "id": 1787
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "8"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Formats\\"
              }
            ],
            "repeated": 0,
            "id": 1788
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              }
            ],
            "repeated": 0,
            "id": 1789
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000492"
              },
              {
                "name": "SubKey",
                "value": "Patterns"
              },
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns"
              }
            ],
            "repeated": 0,
            "id": 1790
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "0"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0"
              }
            ],
            "repeated": 0,
            "id": 1791
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "0"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0"
              }
            ],
            "repeated": 0,
            "id": 1792
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1793
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1794
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": "1"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1"
              }
            ],
            "repeated": 0,
            "id": 1795
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "1"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1"
              }
            ],
            "repeated": 0,
            "id": 1796
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1797
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1798
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "Name",
                "value": "10"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10"
              }
            ],
            "repeated": 0,
            "id": 1799
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "10"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10"
              }
            ],
            "repeated": 0,
            "id": 1800
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1801
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1802
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "3"
              },
              {
                "name": "Name",
                "value": "11"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11"
              }
            ],
            "repeated": 0,
            "id": 1803
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "11"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11"
              }
            ],
            "repeated": 0,
            "id": 1804
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1805
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1806
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "4"
              },
              {
                "name": "Name",
                "value": "12"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12"
              }
            ],
            "repeated": 0,
            "id": 1807
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "12"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12"
              }
            ],
            "repeated": 0,
            "id": 1808
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1809
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1810
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "5"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2"
              }
            ],
            "repeated": 0,
            "id": 1811
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "2"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2"
              }
            ],
            "repeated": 0,
            "id": 1812
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1813
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1814
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "6"
              },
              {
                "name": "Name",
                "value": "3"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3"
              }
            ],
            "repeated": 0,
            "id": 1815
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "3"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3"
              }
            ],
            "repeated": 0,
            "id": 1816
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1817
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1818
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "7"
              },
              {
                "name": "Name",
                "value": "4"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4"
              }
            ],
            "repeated": 0,
            "id": 1819
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "4"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4"
              }
            ],
            "repeated": 0,
            "id": 1820
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1821
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1822
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "8"
              },
              {
                "name": "Name",
                "value": "5"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5"
              }
            ],
            "repeated": 0,
            "id": 1823
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "5"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5"
              }
            ],
            "repeated": 0,
            "id": 1824
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1825
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1826
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "9"
              },
              {
                "name": "Name",
                "value": "6"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6"
              }
            ],
            "repeated": 0,
            "id": 1827
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "6"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6"
              }
            ],
            "repeated": 0,
            "id": 1828
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1829
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1830
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "10"
              },
              {
                "name": "Name",
                "value": "7"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7"
              }
            ],
            "repeated": 0,
            "id": 1831
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "7"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7"
              }
            ],
            "repeated": 0,
            "id": 1832
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1833
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1834
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "11"
              },
              {
                "name": "Name",
                "value": "8"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8"
              }
            ],
            "repeated": 0,
            "id": 1835
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "8"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8"
              }
            ],
            "repeated": 0,
            "id": 1836
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1837
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1838
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "12"
              },
              {
                "name": "Name",
                "value": "9"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9"
              }
            ],
            "repeated": 0,
            "id": 1839
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "9"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9"
              }
            ],
            "repeated": 0,
            "id": 1840
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1841
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1842
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "13"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\"
              }
            ],
            "repeated": 0,
            "id": 1843
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "0"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0"
              }
            ],
            "repeated": 0,
            "id": 1844
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "0"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0"
              }
            ],
            "repeated": 0,
            "id": 1845
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0\\Position"
              }
            ],
            "repeated": 0,
            "id": 1846
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 1847
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "MM\\x00*"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1848
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1849
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1850
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1851
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": "1"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1"
              }
            ],
            "repeated": 0,
            "id": 1852
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "1"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1"
              }
            ],
            "repeated": 0,
            "id": 1853
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1\\Position"
              }
            ],
            "repeated": 0,
            "id": 1854
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 1855
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "II*\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1856
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1857
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1858
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1859
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "Name",
                "value": "10"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10"
              }
            ],
            "repeated": 0,
            "id": 1860
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "10"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10"
              }
            ],
            "repeated": 0,
            "id": 1861
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10\\Position"
              }
            ],
            "repeated": 0,
            "id": 1862
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 1863
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "MMMMRaw\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1864
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1865
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1866
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1867
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "3"
              },
              {
                "name": "Name",
                "value": "11"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11"
              }
            ],
            "repeated": 0,
            "id": 1868
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "11"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11"
              }
            ],
            "repeated": 0,
            "id": 1869
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11\\Position"
              }
            ],
            "repeated": 0,
            "id": 1870
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 1871
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "IIU\\x00\\x08\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1872
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1873
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1874
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1875
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "4"
              },
              {
                "name": "Name",
                "value": "12"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12"
              }
            ],
            "repeated": 0,
            "id": 1876
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "12"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12"
              }
            ],
            "repeated": 0,
            "id": 1877
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12\\Position"
              }
            ],
            "repeated": 0,
            "id": 1878
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 1879
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "IIU\\x00\\x18\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1880
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1881
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1882
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1883
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "5"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2"
              }
            ],
            "repeated": 0,
            "id": 1884
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "2"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2"
              }
            ],
            "repeated": 0,
            "id": 1885
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2\\Position"
              }
            ],
            "repeated": 0,
            "id": 1886
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 1887
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "IIRO"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1888
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1889
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1890
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1891
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "6"
              },
              {
                "name": "Name",
                "value": "3"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3"
              }
            ],
            "repeated": 0,
            "id": 1892
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "3"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3"
              }
            ],
            "repeated": 0,
            "id": 1893
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3\\Position"
              }
            ],
            "repeated": 0,
            "id": 1894
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 1895
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "IIRS"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1896
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1897
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1898
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1899
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "7"
              },
              {
                "name": "Name",
                "value": "4"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4"
              }
            ],
            "repeated": 0,
            "id": 1900
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "4"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4"
              }
            ],
            "repeated": 0,
            "id": 1901
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4\\Position"
              }
            ],
            "repeated": 0,
            "id": 1902
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 1903
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "MMOR"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1904
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1905
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1906
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1907
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "8"
              },
              {
                "name": "Name",
                "value": "5"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5"
              }
            ],
            "repeated": 0,
            "id": 1908
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "5"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5"
              }
            ],
            "repeated": 0,
            "id": 1909
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5\\Position"
              }
            ],
            "repeated": 0,
            "id": 1910
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 1911
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "MMSR"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1912
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1913
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1914
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1915
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "9"
              },
              {
                "name": "Name",
                "value": "6"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6"
              }
            ],
            "repeated": 0,
            "id": 1916
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "6"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6"
              }
            ],
            "repeated": 0,
            "id": 1917
          },
          {
            "timestamp": "2026-05-28 21:44:10,994",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6\\Position"
              }
            ],
            "repeated": 0,
            "id": 1918
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 1919
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "II\\x1a\\x00\\x00\\x00HE"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1920
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1921
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1922
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1923
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "10"
              },
              {
                "name": "Name",
                "value": "7"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7"
              }
            ],
            "repeated": 0,
            "id": 1924
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "7"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7"
              }
            ],
            "repeated": 0,
            "id": 1925
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7\\Position"
              }
            ],
            "repeated": 0,
            "id": 1926
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 1927
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "FUJIFILM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1928
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1929
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1930
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1931
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "11"
              },
              {
                "name": "Name",
                "value": "8"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8"
              }
            ],
            "repeated": 0,
            "id": 1932
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "8"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8"
              }
            ],
            "repeated": 0,
            "id": 1933
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8\\Position"
              }
            ],
            "repeated": 0,
            "id": 1934
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 1935
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "\\x00MRM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1936
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1937
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1938
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1939
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "12"
              },
              {
                "name": "Name",
                "value": "9"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9"
              }
            ],
            "repeated": 0,
            "id": 1940
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000496"
              },
              {
                "name": "SubKey",
                "value": "9"
              },
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9"
              }
            ],
            "repeated": 0,
            "id": 1941
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9\\Position"
              }
            ],
            "repeated": 0,
            "id": 1942
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 1943
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "IIII\\x00waR"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 1944
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1945
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9\\Mask"
              }
            ],
            "repeated": 0,
            "id": 1946
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1947
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "Index",
                "value": "13"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\"
              }
            ],
            "repeated": 0,
            "id": 1948
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              }
            ],
            "repeated": 0,
            "id": 1949
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              }
            ],
            "repeated": 0,
            "id": 1950
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              }
            ],
            "repeated": 0,
            "id": 1951
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7ED96837-96F0-4812-B211-F13C24117ED3}\\Instance\\"
              }
            ],
            "repeated": 0,
            "id": 1952
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              }
            ],
            "repeated": 0,
            "id": 1953
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2679345a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1954
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000484"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1955
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678f4e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00030000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1956
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678f4e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00030000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1957
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000484"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678f4e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed18d9ee00"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1958
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000484"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678f4f0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed18d9ee00"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1959
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000484"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678f500000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed18d9ee00"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1960
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#31223"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1961
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#31223"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1962
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "PNGFILE"
              },
              {
                "name": "Name",
                "value": "#31223"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1963
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f4618f8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "PNG"
              },
              {
                "name": "Name",
                "value": "#31223"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1964
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f4b70f0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f4618f8"
              }
            ],
            "repeated": 0,
            "id": 1965
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x0000039b",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f4618f8"
              }
            ],
            "repeated": 0,
            "id": 1966
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#31224"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1967
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#31224"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1968
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "PNGFILE"
              },
              {
                "name": "Name",
                "value": "#31224"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1969
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f461908",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "PNG"
              },
              {
                "name": "Name",
                "value": "#31224"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1970
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f4b7490",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f461908"
              }
            ],
            "repeated": 0,
            "id": 1971
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x000003bc",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f461908"
              }
            ],
            "repeated": 0,
            "id": 1972
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 3,
            "id": 1973
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000029"
              },
              {
                "name": "uiParam",
                "value": "0x000001f8"
              }
            ],
            "repeated": 3,
            "id": 1974
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251d48",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2156"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1975
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25b234",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251d48"
              }
            ],
            "repeated": 0,
            "id": 1976
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251d48",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2156"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1977
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25b234",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251d48"
              }
            ],
            "repeated": 0,
            "id": 1978
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251d48",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2156"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1979
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25b234",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251d48"
              }
            ],
            "repeated": 0,
            "id": 1980
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 3,
            "id": 1981
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000029"
              },
              {
                "name": "uiParam",
                "value": "0x000001f8"
              }
            ],
            "repeated": 1,
            "id": 1982
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251ef8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2407"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1983
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25d0d4",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251ef8"
              }
            ],
            "repeated": 0,
            "id": 1984
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000038"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1985
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "13608",
            "caller": "0x7ffc2d16507d",
            "parentcaller": "0x7ffc2d164c43",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1986
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "13608",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff729a0e0d0"
              },
              {
                "name": "Parameter",
                "value": "0x267936e82b0"
              }
            ],
            "repeated": 0,
            "id": 1987
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "13608",
            "caller": "0x7ff729a063bd",
            "parentcaller": "0x7ff729a05dd1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b252000"
              },
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1988
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "13608",
            "caller": "0x7ff729a063bd",
            "parentcaller": "0x7ff729a05dd1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b252000"
              },
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1989
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "13608",
            "caller": "0x7ff729a063bd",
            "parentcaller": "0x7ff729a05dd1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b1f7000"
              },
              {
                "name": "ModuleName",
                "value": "SHCORE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1990
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "13608",
            "caller": "0x7ff729a063bd",
            "parentcaller": "0x7ff729a05dd1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b1f7000"
              },
              {
                "name": "ModuleName",
                "value": "SHCORE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1991
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "13608",
            "caller": "0x7ff729a063bd",
            "parentcaller": "0x7ff729a05dd1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b1f7000"
              },
              {
                "name": "ModuleName",
                "value": "SHCORE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1992
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "13608",
            "caller": "0x7ff729a063bd",
            "parentcaller": "0x7ff729a05dd1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b1f7000"
              },
              {
                "name": "ModuleName",
                "value": "SHCORE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1993
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "13608",
            "caller": "0x7ff729a05dec",
            "parentcaller": "0x7ff729a0e0ed",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27471000"
              },
              {
                "name": "ModuleName",
                "value": "WTSAPI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1994
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "13608",
            "caller": "0x7ff729a05dec",
            "parentcaller": "0x7ff729a0e0ed",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27471000"
              },
              {
                "name": "ModuleName",
                "value": "WTSAPI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1995
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "13608",
            "caller": "0x7ff729a05dec",
            "parentcaller": "0x7ff729a0e0ed",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000498"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1996
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "13608",
            "caller": "0x7ff729a05dec",
            "parentcaller": "0x7ff729a0e0ed",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1997
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "12440",
            "caller": "0x7ffc2d16507d",
            "parentcaller": "0x7ffc2d164c43",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1998
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "12440",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff729a0e0d0"
              },
              {
                "name": "Parameter",
                "value": "0x267936f0bc0"
              }
            ],
            "repeated": 0,
            "id": 1999
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "5800",
            "caller": "0x7ffc2d16507d",
            "parentcaller": "0x7ffc2d164c43",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2000
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "5800",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff729a0e0d0"
              },
              {
                "name": "Parameter",
                "value": "0x267936f2eb0"
              }
            ],
            "repeated": 0,
            "id": 2001
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "5800",
            "caller": "0x7ff729a3b626",
            "parentcaller": "0x7ff729aaa184",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004a8"
              }
            ],
            "repeated": 0,
            "id": 2002
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "5800",
            "caller": "0x7ff729a3b6b7",
            "parentcaller": "0x7ff729aaa184",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2003
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "5800",
            "caller": "0x7ff729a3b781",
            "parentcaller": "0x7ff729aaa184",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "pzv\\x93g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2004
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "5800",
            "caller": "0x7ff729a3b882",
            "parentcaller": "0x7ff729aaa184",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a8"
              }
            ],
            "repeated": 0,
            "id": 2005
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "5800",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a10e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff729b0c000"
              },
              {
                "name": "ModuleName",
                "value": "taskmgr.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2006
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "5800",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a10e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff729b0c000"
              },
              {
                "name": "ModuleName",
                "value": "taskmgr.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2007
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "5800",
            "caller": "0x7ff729aaa3ec",
            "parentcaller": "0x7ff729aaa634",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo1.xml"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "0"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2008
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "5800",
            "caller": "0x7ff729aaa43a",
            "parentcaller": "0x7ff729aaa634",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo1.xml"
              }
            ],
            "repeated": 0,
            "id": 2009
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "5800",
            "caller": "0x7ff729aaa38b",
            "parentcaller": "0x7ff729aaa634",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a8"
              }
            ],
            "repeated": 1,
            "id": 2010
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "12440",
            "caller": "0x7ff7299e4ea1",
            "parentcaller": "0x7ff7299e3f08",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 2011
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "13608",
            "caller": "0x7ff729a05dec",
            "parentcaller": "0x7ff729a0e0ed",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 2012
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "13608",
            "caller": "0x7ff729a05dec",
            "parentcaller": "0x7ff729a0e0ed",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a8"
              }
            ],
            "repeated": 0,
            "id": 2013
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "13608",
            "caller": "0x7ff729a05dec",
            "parentcaller": "0x7ff729a0e0ed",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              }
            ],
            "repeated": 0,
            "id": 2014
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "13608",
            "caller": "0x7ff729a05dec",
            "parentcaller": "0x7ff729a0e0ed",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "Winsta.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2a500000"
              }
            ],
            "repeated": 0,
            "id": 2015
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "13608",
            "caller": "0x7ff729a05e6c",
            "parentcaller": "0x7ff729a0e0ed",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\AccountPicture\\Users"
              },
              {
                "name": "Handle",
                "value": "0x000004a8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\AccountPicture\\Users"
              }
            ],
            "repeated": 0,
            "id": 2016
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "13608",
            "caller": "0x7ff729a05e95",
            "parentcaller": "0x7ff729a0e0ed",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AccountPicture\\Users\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x00000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 2017
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "12948",
            "caller": "0x7ffc2d16507d",
            "parentcaller": "0x7ffc2d164c43",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2018
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "12948",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ffc2d142b30"
              },
              {
                "name": "Parameter",
                "value": "0x2678d8e0b50"
              }
            ],
            "repeated": 0,
            "id": 2019
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "12440",
            "caller": "0x7ff7299e3dc4",
            "parentcaller": "0x7ff7299e38f4",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f462118",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#14"
              },
              {
                "name": "Name",
                "value": "#38600"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2020
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "12440",
            "caller": "0x7ff7299e3dc4",
            "parentcaller": "0x7ff7299e38f4",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f49aec0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f462118"
              }
            ],
            "repeated": 0,
            "id": 2021
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "12440",
            "caller": "0x7ff7299e3dc4",
            "parentcaller": "0x7ff7299e38f4",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f461ec8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#3"
              },
              {
                "name": "Name",
                "value": "#86"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2022
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "12440",
            "caller": "0x7ff7299e3dc4",
            "parentcaller": "0x7ff7299e38f4",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f49aa58",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f461ec8"
              }
            ],
            "repeated": 0,
            "id": 2023
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "windows",
            "api": "FindWindowW",
            "status": true,
            "return": "0x000300a8",
            "arguments": [
              {
                "name": "ClassName",
                "value": "Shell_TrayWnd"
              },
              {
                "name": "WindowName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2024
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "5800",
            "caller": "0x7ff729aaa3ec",
            "parentcaller": "0x7ff729aaa634",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo2.xml"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "0"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2025
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "5800",
            "caller": "0x7ff729aaa43a",
            "parentcaller": "0x7ff729aaa634",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo2.xml"
              }
            ],
            "repeated": 0,
            "id": 2026
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "5800",
            "caller": "0x7ff729aaa38b",
            "parentcaller": "0x7ff729aaa634",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2027
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "5800",
            "caller": "0x7ff729aaa3ec",
            "parentcaller": "0x7ff729aaa634",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo3.xml"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "0"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2028
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "5800",
            "caller": "0x7ff729aaa43a",
            "parentcaller": "0x7ff729aaa634",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo3.xml"
              }
            ],
            "repeated": 0,
            "id": 2029
          },
          {
            "timestamp": "2026-05-28 21:44:11,010",
            "thread_id": "5800",
            "caller": "0x7ff729aaa38b",
            "parentcaller": "0x7ff729aaa634",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2030
          },
          {
            "timestamp": "2026-05-28 21:44:11,025",
            "thread_id": "5800",
            "caller": "0x7ff729aaa3ec",
            "parentcaller": "0x7ff729aaa634",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo4.xml"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "0"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2031
          },
          {
            "timestamp": "2026-05-28 21:44:11,025",
            "thread_id": "5800",
            "caller": "0x7ff729aaa43a",
            "parentcaller": "0x7ff729aaa634",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo4.xml"
              }
            ],
            "repeated": 0,
            "id": 2032
          },
          {
            "timestamp": "2026-05-28 21:44:11,025",
            "thread_id": "5800",
            "caller": "0x7ff729aaa38b",
            "parentcaller": "0x7ff729aaa634",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2033
          },
          {
            "timestamp": "2026-05-28 21:44:11,025",
            "thread_id": "5800",
            "caller": "0x7ff729aaa3ec",
            "parentcaller": "0x7ff729aaa634",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo5.xml"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "0"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2034
          },
          {
            "timestamp": "2026-05-28 21:44:11,025",
            "thread_id": "5800",
            "caller": "0x7ff729aaa43a",
            "parentcaller": "0x7ff729aaa634",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo5.xml"
              }
            ],
            "repeated": 0,
            "id": 2035
          },
          {
            "timestamp": "2026-05-28 21:44:11,025",
            "thread_id": "5800",
            "caller": "0x7ff729aaa591",
            "parentcaller": "0x7ff729aaa634",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2036
          },
          {
            "timestamp": "2026-05-28 21:44:11,025",
            "thread_id": "5800",
            "caller": "0x7ff729aaa6be",
            "parentcaller": "0x7ff729aab1f4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b252000"
              },
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2037
          },
          {
            "timestamp": "2026-05-28 21:44:11,025",
            "thread_id": "5800",
            "caller": "0x7ff729aaa6be",
            "parentcaller": "0x7ff729aab1f4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b252000"
              },
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2038
          },
          {
            "timestamp": "2026-05-28 21:44:11,025",
            "thread_id": "5800",
            "caller": "0x7ff729aaa6be",
            "parentcaller": "0x7ff729aab1f4",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "MutexName",
                "value": ""
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2039
          },
          {
            "timestamp": "2026-05-28 21:44:11,025",
            "thread_id": "5800",
            "caller": "0x7ff729aaa6be",
            "parentcaller": "0x7ff729aab1f4",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo5.xml"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2040
          },
          {
            "timestamp": "2026-05-28 21:44:11,025",
            "thread_id": "5800",
            "caller": "0x7ff729aaa6be",
            "parentcaller": "0x7ff729aab1f4",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2679345b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2041
          },
          {
            "timestamp": "2026-05-28 21:44:11,025",
            "thread_id": "5800",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a1289e",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 2042
          },
          {
            "timestamp": "2026-05-28 21:44:11,025",
            "thread_id": "5800",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a1289e",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "XmlLite.dll"
              }
            ],
            "repeated": 0,
            "id": 2043
          },
          {
            "timestamp": "2026-05-28 21:44:11,025",
            "thread_id": "5800",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a1289e",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\xmllite.dll"
              }
            ],
            "repeated": 0,
            "id": 2044
          },
          {
            "timestamp": "2026-05-28 21:44:11,025",
            "thread_id": "5800",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a1289e",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\xmllite.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 2045
          },
          {
            "timestamp": "2026-05-28 21:44:11,025",
            "thread_id": "5800",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a1289e",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004bc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\xmllite.dll"
              }
            ],
            "repeated": 0,
            "id": 2046
          },
          {
            "timestamp": "2026-05-28 21:44:11,025",
            "thread_id": "5800",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a1289e",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc26310000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00036000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2047
          },
          {
            "timestamp": "2026-05-28 21:44:11,025",
            "thread_id": "5800",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a1289e",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc26339000"
              },
              {
                "name": "ModuleName",
                "value": "XmlLite.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2048
          },
          {
            "timestamp": "2026-05-28 21:44:11,025",
            "thread_id": "5800",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a1289e",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc26339000"
              },
              {
                "name": "ModuleName",
                "value": "XmlLite.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2049
          },
          {
            "timestamp": "2026-05-28 21:44:11,025",
            "thread_id": "5800",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a1289e",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc26339000"
              },
              {
                "name": "ModuleName",
                "value": "XmlLite.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2050
          },
          {
            "timestamp": "2026-05-28 21:44:11,025",
            "thread_id": "5800",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a1289e",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc26339000"
              },
              {
                "name": "ModuleName",
                "value": "XmlLite.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2051
          },
          {
            "timestamp": "2026-05-28 21:44:11,025",
            "thread_id": "5800",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a1289e",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc26339000"
              },
              {
                "name": "ModuleName",
                "value": "XmlLite.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2052
          },
          {
            "timestamp": "2026-05-28 21:44:11,025",
            "thread_id": "5800",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a1289e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 2053
          },
          {
            "timestamp": "2026-05-28 21:44:11,025",
            "thread_id": "5800",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a1289e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 2054
          },
          {
            "timestamp": "2026-05-28 21:44:11,025",
            "thread_id": "5800",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a1289e",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc26339000"
              },
              {
                "name": "ModuleName",
                "value": "XmlLite.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2055
          },
          {
            "timestamp": "2026-05-28 21:44:11,025",
            "thread_id": "5800",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a1289e",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\XmlLite"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc26310000"
              }
            ],
            "repeated": 0,
            "id": 2056
          },
          {
            "timestamp": "2026-05-28 21:44:11,025",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 2057
          },
          {
            "timestamp": "2026-05-28 21:44:11,025",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 2058
          },
          {
            "timestamp": "2026-05-28 21:44:11,025",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2bf67000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2059
          },
          {
            "timestamp": "2026-05-28 21:44:11,025",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2bf67000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2060
          },
          {
            "timestamp": "2026-05-28 21:44:11,025",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              }
            ],
            "repeated": 0,
            "id": 2061
          },
          {
            "timestamp": "2026-05-28 21:44:11,025",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x26793776380",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x3a6eea36"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01ca0431"
              }
            ],
            "repeated": 0,
            "id": 2062
          },
          {
            "timestamp": "2026-05-28 21:44:11,025",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 2063
          },
          {
            "timestamp": "2026-05-28 21:44:11,025",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x267937756c0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x3a6eea36"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 2064
          },
          {
            "timestamp": "2026-05-28 21:44:11,025",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 2065
          },
          {
            "timestamp": "2026-05-28 21:44:11,025",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x26793776140",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x6eac9751"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01da265c"
              }
            ],
            "repeated": 0,
            "id": 2066
          },
          {
            "timestamp": "2026-05-28 21:44:11,025",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 2067
          },
          {
            "timestamp": "2026-05-28 21:44:11,025",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000038"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 2068
          },
          {
            "timestamp": "2026-05-28 21:44:11,916",
            "thread_id": "5800",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a1289e",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\xmllite"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc26310000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffc2631f5a0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 2069
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "10832",
            "caller": "0x7ff7299e6c27",
            "parentcaller": "0x7ff7299e6b3b",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\profapi"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a700000"
              }
            ],
            "repeated": 0,
            "id": 2070
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a1289e",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff729b0c000"
              },
              {
                "name": "ModuleName",
                "value": "taskmgr.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2071
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a1289e",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff729b0c000"
              },
              {
                "name": "ModuleName",
                "value": "taskmgr.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2072
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 2073
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2074
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2075
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2076
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo5.xml"
              },
              {
                "name": "Buffer",
                "value": "\\xff\\xfe<\\x00?\\x00x\\x00m\\x00l\\x00 \\x00v\\x00e\\x00r\\x00s\\x00i\\x00o\\x00n\\x00=\\x00\"\\x001\\x00.\\x000\\x00\"\\x00 \\x00e\\x00n\\x00c\\x00o\\x00d\\x00i\\x00n\\x00g\\x00=\\x00\"\\x00U\\x00T\\x00F\\x00-\\x001\\x006\\x00\"\\x00?\\x00>\\x00\r\\x00\n\\x00<\\x00S\\x00t\\x00a\\x00r\\x00t\\x00u\\x00p\\x00D\\x00a\\x00t\\x00a\\x00 \\x00I\\x00n\\x00t\\x00e\\x00r\\x00v\\x00a\\x00l\\x00S\\x00t\\x00a\\x00r\\x00t\\x00M\\x00s\\x00=\\x00\"\\x003\\x009\\x003\\x008\\x00\"\\x00 \\x00I\\x00n\\x00t\\x00e\\x00r\\x00v\\x00a\\x00l\\x00E\\x00n\\x00d\\x00M\\x00s\\x00=\\x00\"\\x009\\x003\\x009\\x003\\x008\\x00\"\\x00>\\x00\r\\x00\n\\x00\t\\x00<\\x00P\\x00r\\x00o\\x00c\\x00e\\x00s\\x00s\\x00 \\x00N\\x00a\\x00m\\x00e\\x00=\\x00\"\\x00C\\x00:\\x00\\\\x00P\\x00r\\x00o\\x00g\\x00r\\x00a\\x00m\\x00"
              },
              {
                "name": "Length",
                "value": "4096"
              }
            ],
            "repeated": 0,
            "id": 2077
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2078
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2079
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 1,
            "id": 2080
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbcb",
            "parentcaller": "0x7ff729aaad73",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b252000"
              },
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2081
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbcb",
            "parentcaller": "0x7ff729aaad73",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b252000"
              },
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2082
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2bf67000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2083
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2bf67000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2084
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Steam\\bin\\cef\\cef.win64\\steamwebhelper.exe"
              }
            ],
            "repeated": 0,
            "id": 2085
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files\\Google\\Chrome\\Application\\PlatformExperienceHelper\\platform_experience_helper.exe"
              }
            ],
            "repeated": 0,
            "id": 2086
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729aaad56",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 2087
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729aaad56",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2088
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729aaad56",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2089
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729aaad56",
            "parentcaller": "0x7ff729aaa87e",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2090
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729aaad56",
            "parentcaller": "0x7ff729aaa87e",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo5.xml"
              },
              {
                "name": "Buffer",
                "value": "r\\x00a\\x00s\\x00h\\x00p\\x00a\\x00d\\x00-\\x00h\\x00a\\x00n\\x00d\\x00l\\x00e\\x00r\\x00 \\x00-\\x00-\\x00d\\x00a\\x00t\\x00a\\x00b\\x00a\\x00s\\x00e\\x00=\\x00C\\x00:\\x00\\\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00\\\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00T\\x00e\\x00m\\x00p\\x00\\\\x00C\\x00r\\x00a\\x00s\\x00h\\x00p\\x00a\\x00d\\x00 \\x00-\\x00-\\x00u\\x00r\\x00l\\x00=\\x00h\\x00t\\x00t\\x00p\\x00s\\x00:\\x00/\\x00/\\x00c\\x00l\\x00i\\x00e\\x00n\\x00t\\x00s\\x002\\x00.\\x00g\\x00o\\x00o\\x00g\\x00l\\x00e\\x00.\\x00c\\x00o\\x00m\\x00/\\x00c\\x00r\\x00/\\x00r\\x00e\\x00p\\x00o\\x00r\\x00t\\x00 \\x00-\\x00-\\x00a\\x00n\\x00n\\x00o\\x00t\\x00a\\x00t\\x00i\\x00o\\x00n\\x00=\\x00c\\x00h\\x00a\\x00n\\x00n\\x00e\\x00l\\x00=\\x00 \\x00-\\x00-\\x00a\\x00n\\x00"
              },
              {
                "name": "Length",
                "value": "4096"
              }
            ],
            "repeated": 0,
            "id": 2091
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729aaad56",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2092
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729aaad56",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2093
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729aaad56",
            "parentcaller": "0x7ff729aaa87e",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 1,
            "id": 2094
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\Installer\\chrmstp.exe"
              }
            ],
            "repeated": 2,
            "id": 2095
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729aaacae",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 2096
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729aaacae",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2097
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729aaacae",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2098
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729aaacae",
            "parentcaller": "0x7ff729aaa87e",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2099
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729aaacae",
            "parentcaller": "0x7ff729aaa87e",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo5.xml"
              },
              {
                "name": "Buffer",
                "value": "t\\x00a\\x00r\\x00t\\x00e\\x00d\\x00I\\x00n\\x00T\\x00r\\x00a\\x00c\\x00e\\x00S\\x00e\\x00c\\x00=\\x00\"\\x004\\x00.\\x009\\x008\\x002\\x00\"\\x00>\\x00\r\\x00\n\\x00\t\\x00\t\\x00<\\x00S\\x00t\\x00a\\x00r\\x00t\\x00T\\x00i\\x00m\\x00e\\x00>\\x002\\x000\\x002\\x006\\x00/\\x000\\x005\\x00/\\x002\\x009\\x00:\\x000\\x000\\x00:\\x003\\x001\\x00:\\x002\\x005\\x00.\\x006\\x006\\x004\\x003\\x004\\x005\\x003\\x00<\\x00/\\x00S\\x00t\\x00a\\x00r\\x00t\\x00T\\x00i\\x00m\\x00e\\x00>\\x00\r\\x00\n\\x00\t\\x00\t\\x00<\\x00C\\x00o\\x00m\\x00m\\x00a\\x00n\\x00d\\x00L\\x00i\\x00n\\x00e\\x00>\\x00<\\x00!\\x00[\\x00C\\x00D\\x00A\\x00T\\x00A\\x00[\\x00\"\\x00C\\x00:\\x00\\\\x00P\\x00r\\x00o\\x00g\\x00r\\x00a\\x00m\\x00 \\x00F\\x00i\\x00l\\x00e\\x00s\\x00\\\\x00G\\x00o\\x00o\\x00g\\x00l\\x00"
              },
              {
                "name": "Length",
                "value": "4096"
              }
            ],
            "repeated": 0,
            "id": 2100
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729aaacae",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2101
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729aaacae",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2102
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729aaacae",
            "parentcaller": "0x7ff729aaa87e",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 1,
            "id": 2103
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"
              }
            ],
            "repeated": 0,
            "id": 2104
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\Installer\\chrmstp.exe"
              }
            ],
            "repeated": 0,
            "id": 2105
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 2106
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2107
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2108
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2109
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo5.xml"
              },
              {
                "name": "Buffer",
                "value": "\n\\x00\t\\x00\t\\x00<\\x00C\\x00o\\x00m\\x00m\\x00a\\x00n\\x00d\\x00L\\x00i\\x00n\\x00e\\x00>\\x00<\\x00!\\x00[\\x00C\\x00D\\x00A\\x00T\\x00A\\x00[\\x00\"\\x00C\\x00:\\x00\\\\x00P\\x00r\\x00o\\x00g\\x00r\\x00a\\x00m\\x00 \\x00F\\x00i\\x00l\\x00e\\x00s\\x00 \\x00(\\x00x\\x008\\x006\\x00)\\x00\\\\x00S\\x00t\\x00e\\x00a\\x00m\\x00\\\\x00b\\x00i\\x00n\\x00\\\\x00c\\x00e\\x00f\\x00\\\\x00c\\x00e\\x00f\\x00.\\x00w\\x00i\\x00n\\x006\\x004\\x00\\\\x00s\\x00t\\x00e\\x00a\\x00m\\x00w\\x00e\\x00b\\x00h\\x00e\\x00l\\x00p\\x00e\\x00r\\x00.\\x00e\\x00x\\x00e\\x00\"\\x00 \\x00-\\x00-\\x00t\\x00y\\x00p\\x00e\\x00=\\x00r\\x00e\\x00n\\x00d\\x00e\\x00r\\x00e\\x00r\\x00 \\x00-\\x00-\\x00e\\x00n\\x00a\\x00b\\x00l\\x00e\\x00-\\x00c\\x00h\\x00r\\x00o\\x00m\\x00e\\x00-\\x00r\\x00u\\x00n\\x00"
              },
              {
                "name": "Length",
                "value": "4096"
              }
            ],
            "repeated": 0,
            "id": 2110
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2111
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2112
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 1,
            "id": 2113
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Steam\\bin\\cef\\cef.win64\\steamwebhelper.exe"
              }
            ],
            "repeated": 1,
            "id": 2114
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 2115
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2116
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2117
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2118
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo5.xml"
              },
              {
                "name": "Buffer",
                "value": "-\\x00-\\x00t\\x00y\\x00p\\x00e\\x00=\\x00c\\x00r\\x00a\\x00s\\x00h\\x00p\\x00a\\x00d\\x00-\\x00h\\x00a\\x00n\\x00d\\x00l\\x00e\\x00r\\x00 \\x00/\\x00p\\x00r\\x00e\\x00f\\x00e\\x00t\\x00c\\x00h\\x00:\\x004\\x00 \\x00-\\x00-\\x00m\\x00a\\x00x\\x00-\\x00u\\x00p\\x00l\\x00o\\x00a\\x00d\\x00s\\x00=\\x005\\x00 \\x00-\\x00-\\x00m\\x00a\\x00x\\x00-\\x00d\\x00b\\x00-\\x00s\\x00i\\x00z\\x00e\\x00=\\x002\\x000\\x00 \\x00-\\x00-\\x00m\\x00a\\x00x\\x00-\\x00d\\x00b\\x00-\\x00a\\x00g\\x00e\\x00=\\x005\\x00 \\x00-\\x00-\\x00m\\x00o\\x00n\\x00i\\x00t\\x00o\\x00r\\x00-\\x00s\\x00e\\x00l\\x00f\\x00-\\x00a\\x00n\\x00n\\x00o\\x00t\\x00a\\x00t\\x00i\\x00o\\x00n\\x00=\\x00p\\x00t\\x00y\\x00p\\x00e\\x00=\\x00c\\x00r\\x00a\\x00s\\x00h\\x00p\\x00a\\x00d\\x00-\\x00h\\x00a\\x00n\\x00"
              },
              {
                "name": "Length",
                "value": "4096"
              }
            ],
            "repeated": 0,
            "id": 2119
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2120
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2121
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 1,
            "id": 2122
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Steam\\bin\\cef\\cef.win64\\steamwebhelper.exe"
              }
            ],
            "repeated": 0,
            "id": 2123
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 2124
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2125
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2126
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2127
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo5.xml"
              },
              {
                "name": "Buffer",
                "value": "r\\x00e\\x00n\\x00t\\x00P\\x00I\\x00D\\x00>\\x00\r\\x00\n\\x00\t\\x00\t\\x00<\\x00P\\x00a\\x00r\\x00e\\x00n\\x00t\\x00S\\x00t\\x00a\\x00r\\x00t\\x00T\\x00i\\x00m\\x00e\\x00>\\x002\\x000\\x002\\x006\\x00/\\x000\\x005\\x00/\\x002\\x009\\x00:\\x000\\x000\\x00:\\x003\\x001\\x00:\\x003\\x009\\x00.\\x000\\x008\\x008\\x009\\x005\\x000\\x001\\x00<\\x00/\\x00P\\x00a\\x00r\\x00e\\x00n\\x00t\\x00S\\x00t\\x00a\\x00r\\x00t\\x00T\\x00i\\x00m\\x00e\\x00>\\x00\r\\x00\n\\x00\t\\x00\t\\x00<\\x00P\\x00a\\x00r\\x00e\\x00n\\x00t\\x00N\\x00a\\x00m\\x00e\\x00>\\x00D\\x00i\\x00s\\x00c\\x00o\\x00r\\x00d\\x00.\\x00e\\x00x\\x00e\\x00<\\x00/\\x00P\\x00a\\x00r\\x00e\\x00n\\x00t\\x00N\\x00a\\x00m\\x00e\\x00>\\x00\r\\x00\n\\x00\t\\x00<\\x00/\\x00P\\x00r\\x00o\\x00c\\x00e\\x00s\\x00s\\x00>\\x00\r\\x00"
              },
              {
                "name": "Length",
                "value": "4096"
              }
            ],
            "repeated": 0,
            "id": 2128
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2129
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2130
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 1,
            "id": 2131
          },
          {
            "timestamp": "2026-05-28 21:44:11,932",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000038"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 2132
          },
          {
            "timestamp": "2026-05-28 21:44:13,150",
            "thread_id": "10832",
            "caller": "0x7ff7299e6c27",
            "parentcaller": "0x7ff7299e6b3b",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\Windows.UI.Immersive"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc1e400000"
              }
            ],
            "repeated": 0,
            "id": 2133
          },
          {
            "timestamp": "2026-05-28 21:44:14,244",
            "thread_id": "10832",
            "caller": "0x7ff7299e6c27",
            "parentcaller": "0x7ff7299e6b3b",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Windows.UI.Immersive.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1e400000"
              }
            ],
            "repeated": 0,
            "id": 2134
          },
          {
            "timestamp": "2026-05-28 21:44:14,244",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 2135
          },
          {
            "timestamp": "2026-05-28 21:44:14,244",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "OLEACC.dll"
              }
            ],
            "repeated": 0,
            "id": 2136
          },
          {
            "timestamp": "2026-05-28 21:44:14,244",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\oleacc.dll"
              }
            ],
            "repeated": 0,
            "id": 2137
          },
          {
            "timestamp": "2026-05-28 21:44:14,244",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\oleacc.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 2138
          },
          {
            "timestamp": "2026-05-28 21:44:14,244",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\oleacc.dll"
              }
            ],
            "repeated": 0,
            "id": 2139
          },
          {
            "timestamp": "2026-05-28 21:44:14,244",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc15030000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00066000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2140
          },
          {
            "timestamp": "2026-05-28 21:44:14,244",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1508d000"
              },
              {
                "name": "ModuleName",
                "value": "OLEACC.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2141
          },
          {
            "timestamp": "2026-05-28 21:44:14,244",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1507a000"
              },
              {
                "name": "ModuleName",
                "value": "OLEACC.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2142
          },
          {
            "timestamp": "2026-05-28 21:44:14,244",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1507a000"
              },
              {
                "name": "ModuleName",
                "value": "OLEACC.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2143
          },
          {
            "timestamp": "2026-05-28 21:44:14,244",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1507a000"
              },
              {
                "name": "ModuleName",
                "value": "OLEACC.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2144
          },
          {
            "timestamp": "2026-05-28 21:44:14,244",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1507a000"
              },
              {
                "name": "ModuleName",
                "value": "OLEACC.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2145
          },
          {
            "timestamp": "2026-05-28 21:44:14,244",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc15079000"
              },
              {
                "name": "ModuleName",
                "value": "OLEACC.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2146
          },
          {
            "timestamp": "2026-05-28 21:44:14,244",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 2147
          },
          {
            "timestamp": "2026-05-28 21:44:14,244",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 2148
          },
          {
            "timestamp": "2026-05-28 21:44:14,244",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc15079000"
              },
              {
                "name": "ModuleName",
                "value": "OLEACC.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2149
          },
          {
            "timestamp": "2026-05-28 21:44:14,244",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\OLEACC"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc15030000"
              }
            ],
            "repeated": 0,
            "id": 2150
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "advapi32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ced0000"
              }
            ],
            "repeated": 0,
            "id": 2151
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ced0000"
              },
              {
                "name": "FunctionName",
                "value": "EventWrite"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d13f1b0"
              }
            ],
            "repeated": 0,
            "id": 2152
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ced0000"
              },
              {
                "name": "FunctionName",
                "value": "EventRegister"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d132e80"
              }
            ],
            "repeated": 0,
            "id": 2153
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ced0000"
              },
              {
                "name": "FunctionName",
                "value": "EventUnregister"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d140390"
              }
            ],
            "repeated": 0,
            "id": 2154
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26790d60001",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "OLEACCRC.DLL"
              },
              {
                "name": "dwFlags",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 2155
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\oleacc"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc15030000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffc1503ec30"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 2156
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1c959000"
              },
              {
                "name": "ModuleName",
                "value": "DUI70.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2157
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1c959000"
              },
              {
                "name": "ModuleName",
                "value": "DUI70.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2158
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "USER32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c7c0000"
              }
            ],
            "repeated": 0,
            "id": 2159
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "api-ms-win-core-libraryloader-l1-2-0.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ad50000"
              }
            ],
            "repeated": 0,
            "id": 2160
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "api-ms-win-core-memory-l1-1-2.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ad50000"
              }
            ],
            "repeated": 0,
            "id": 2161
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "NTDLL.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              }
            ],
            "repeated": 0,
            "id": 2162
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c7c0000"
              },
              {
                "name": "FunctionName",
                "value": "GetGUIThreadInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2c7f4010"
              }
            ],
            "repeated": 0,
            "id": 2163
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c7c0000"
              },
              {
                "name": "FunctionName",
                "value": "GetAccCursorInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2164
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c7c0000"
              },
              {
                "name": "FunctionName",
                "value": "GetCursorInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2c7f3f90"
              }
            ],
            "repeated": 0,
            "id": 2165
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c7c0000"
              },
              {
                "name": "FunctionName",
                "value": "GetWindowInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2c7d05c0"
              }
            ],
            "repeated": 0,
            "id": 2166
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c7c0000"
              },
              {
                "name": "FunctionName",
                "value": "GetTitleBarInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2c7f42d0"
              }
            ],
            "repeated": 0,
            "id": 2167
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c7c0000"
              },
              {
                "name": "FunctionName",
                "value": "GetScrollBarInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2c7f4290"
              }
            ],
            "repeated": 0,
            "id": 2168
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c7c0000"
              },
              {
                "name": "FunctionName",
                "value": "GetComboBoxInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2c7f3f60"
              }
            ],
            "repeated": 0,
            "id": 2169
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c7c0000"
              },
              {
                "name": "FunctionName",
                "value": "GetAncestor"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2c7f3ef0"
              }
            ],
            "repeated": 0,
            "id": 2170
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c7c0000"
              },
              {
                "name": "FunctionName",
                "value": "RealChildWindowFromPoint"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2c7f48d0"
              }
            ],
            "repeated": 0,
            "id": 2171
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c7c0000"
              },
              {
                "name": "FunctionName",
                "value": "RealGetWindowClassW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2c7e3e60"
              }
            ],
            "repeated": 0,
            "id": 2172
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c7c0000"
              },
              {
                "name": "FunctionName",
                "value": "GetAltTabInfoW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2c849ee0"
              }
            ],
            "repeated": 0,
            "id": 2173
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c7c0000"
              },
              {
                "name": "FunctionName",
                "value": "GetListBoxInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2c7f40d0"
              }
            ],
            "repeated": 0,
            "id": 2174
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c7c0000"
              },
              {
                "name": "FunctionName",
                "value": "GetMenuBarInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2c7f40f0"
              }
            ],
            "repeated": 0,
            "id": 2175
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c7c0000"
              },
              {
                "name": "FunctionName",
                "value": "SendInput"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2c7f4a20"
              }
            ],
            "repeated": 0,
            "id": 2176
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c7c0000"
              },
              {
                "name": "FunctionName",
                "value": "BlockInput"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2c7f3a90"
              }
            ],
            "repeated": 0,
            "id": 2177
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c7c0000"
              },
              {
                "name": "FunctionName",
                "value": "LogicalToPhysicalPoint"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2c7f4630"
              }
            ],
            "repeated": 0,
            "id": 2178
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c7c0000"
              },
              {
                "name": "FunctionName",
                "value": "PhysicalToLogicalPoint"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2c7f46f0"
              }
            ],
            "repeated": 0,
            "id": 2179
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c7c0000"
              },
              {
                "name": "FunctionName",
                "value": "WindowFromPhysicalPoint"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2c7f4fb0"
              }
            ],
            "repeated": 0,
            "id": 2180
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c7c0000"
              },
              {
                "name": "FunctionName",
                "value": "GetPhysicalCursorPos"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2c7e7da0"
              }
            ],
            "repeated": 0,
            "id": 2181
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c7c0000"
              },
              {
                "name": "FunctionName",
                "value": "LogicalToPhysicalPointForPerMonitorDPI"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2c7f4640"
              }
            ],
            "repeated": 0,
            "id": 2182
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2c7c0000"
              },
              {
                "name": "FunctionName",
                "value": "PhysicalToLogicalPointForPerMonitorDPI"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2c7f4700"
              }
            ],
            "repeated": 0,
            "id": 2183
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ad50000"
              },
              {
                "name": "FunctionName",
                "value": "GetModuleFileNameW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2adb0cd0"
              }
            ],
            "repeated": 0,
            "id": 2184
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryInformationProcess"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d18d2f0"
              }
            ],
            "repeated": 0,
            "id": 2185
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "OLEAUT32.DLL"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2ca70000"
              }
            ],
            "repeated": 0,
            "id": 2186
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc2ca70000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "OLEAUT32.DLL"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2187
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "ListBox"
              },
              {
                "name": "Atom",
                "value": "0x0000c026"
              }
            ],
            "repeated": 0,
            "id": 2188
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "#32768"
              },
              {
                "name": "Atom",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2189
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "Button"
              },
              {
                "name": "Atom",
                "value": "0x0000c027"
              }
            ],
            "repeated": 0,
            "id": 2190
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "Static"
              },
              {
                "name": "Atom",
                "value": "0x0000c028"
              }
            ],
            "repeated": 0,
            "id": 2191
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "Edit"
              },
              {
                "name": "Atom",
                "value": "0x0000c029"
              }
            ],
            "repeated": 0,
            "id": 2192
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "ComboBox"
              },
              {
                "name": "Atom",
                "value": "0x0000c02a"
              }
            ],
            "repeated": 0,
            "id": 2193
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "#32770"
              },
              {
                "name": "Atom",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 2194
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "#32771"
              },
              {
                "name": "Atom",
                "value": "0x00008003"
              }
            ],
            "repeated": 0,
            "id": 2195
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "MDIClient"
              },
              {
                "name": "Atom",
                "value": "0x0000c02b"
              }
            ],
            "repeated": 0,
            "id": 2196
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "#32769"
              },
              {
                "name": "Atom",
                "value": "0x00008001"
              }
            ],
            "repeated": 0,
            "id": 2197
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "ScrollBar"
              },
              {
                "name": "Atom",
                "value": "0x0000c02c"
              }
            ],
            "repeated": 0,
            "id": 2198
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "msctls_statusbar32"
              },
              {
                "name": "Atom",
                "value": "0x0000c02d"
              }
            ],
            "repeated": 0,
            "id": 2199
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "ToolbarWindow32"
              },
              {
                "name": "Atom",
                "value": "0x0000c02e"
              }
            ],
            "repeated": 0,
            "id": 2200
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "msctls_progress32"
              },
              {
                "name": "Atom",
                "value": "0x0000c02f"
              }
            ],
            "repeated": 0,
            "id": 2201
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "SysAnimate32"
              },
              {
                "name": "Atom",
                "value": "0x0000c030"
              }
            ],
            "repeated": 0,
            "id": 2202
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "SysTabControl32"
              },
              {
                "name": "Atom",
                "value": "0x0000c031"
              }
            ],
            "repeated": 0,
            "id": 2203
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "msctls_hotkey32"
              },
              {
                "name": "Atom",
                "value": "0x0000c032"
              }
            ],
            "repeated": 0,
            "id": 2204
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "SysHeader32"
              },
              {
                "name": "Atom",
                "value": "0x0000c033"
              }
            ],
            "repeated": 0,
            "id": 2205
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "msctls_trackbar32"
              },
              {
                "name": "Atom",
                "value": "0x0000c034"
              }
            ],
            "repeated": 0,
            "id": 2206
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "SysListView32"
              },
              {
                "name": "Atom",
                "value": "0x0000c035"
              }
            ],
            "repeated": 0,
            "id": 2207
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "OpenListView"
              },
              {
                "name": "Atom",
                "value": "0x0000c036"
              }
            ],
            "repeated": 0,
            "id": 2208
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "msctls_updown"
              },
              {
                "name": "Atom",
                "value": "0x0000c037"
              }
            ],
            "repeated": 0,
            "id": 2209
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "msctls_updown32"
              },
              {
                "name": "Atom",
                "value": "0x0000c038"
              }
            ],
            "repeated": 0,
            "id": 2210
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "tooltips_class"
              },
              {
                "name": "Atom",
                "value": "0x0000c039"
              }
            ],
            "repeated": 0,
            "id": 2211
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "tooltips_class32"
              },
              {
                "name": "Atom",
                "value": "0x0000c03a"
              }
            ],
            "repeated": 0,
            "id": 2212
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "SysTreeView32"
              },
              {
                "name": "Atom",
                "value": "0x0000c03b"
              }
            ],
            "repeated": 0,
            "id": 2213
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "SysMonthCal32"
              },
              {
                "name": "Atom",
                "value": "0x0000c03c"
              }
            ],
            "repeated": 0,
            "id": 2214
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "SysDateTimePick32"
              },
              {
                "name": "Atom",
                "value": "0x0000c03d"
              }
            ],
            "repeated": 0,
            "id": 2215
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "RICHEDIT"
              },
              {
                "name": "Atom",
                "value": "0x0000c03e"
              }
            ],
            "repeated": 0,
            "id": 2216
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "RichEdit20A"
              },
              {
                "name": "Atom",
                "value": "0x0000c03f"
              }
            ],
            "repeated": 0,
            "id": 2217
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "RichEdit20W"
              },
              {
                "name": "Atom",
                "value": "0x0000c040"
              }
            ],
            "repeated": 0,
            "id": 2218
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "SysIPAddress32"
              },
              {
                "name": "Atom",
                "value": "0x0000c041"
              }
            ],
            "repeated": 0,
            "id": 2219
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{618736E0-3C3D-11CF-810C-00AA00389B71}\\ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000004de"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Interface\\{618736E0-3C3D-11CF-810C-00AA00389B71}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 2220
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004de"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{03022430-ABC4-11D0-BDE2-00AA001A1953}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{618736E0-3C3D-11CF-810C-00AA00389B71}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2221
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004de"
              }
            ],
            "repeated": 0,
            "id": 2222
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              }
            ],
            "repeated": 0,
            "id": 2223
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\OLEACCRC.DLL.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 2224
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\oleaccrc.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 2225
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26790d70000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed18d9e0a0"
              },
              {
                "name": "ViewSize",
                "value": "0x00005000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2226
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 2227
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251ef8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2407"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2228
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25d0d4",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251ef8"
              }
            ],
            "repeated": 0,
            "id": 2229
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793788000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2230
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251bb8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2092"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2231
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f258c6c",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251bb8"
              }
            ],
            "repeated": 0,
            "id": 2232
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251bb8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2092"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2233
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f258c6c",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251bb8"
              }
            ],
            "repeated": 0,
            "id": 2234
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251bb8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2092"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2235
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f258c6c",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251bb8"
              }
            ],
            "repeated": 0,
            "id": 2236
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251bb8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2092"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2237
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f258c6c",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251bb8"
              }
            ],
            "repeated": 0,
            "id": 2238
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251bb8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2092"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2239
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f258c6c",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251bb8"
              }
            ],
            "repeated": 0,
            "id": 2240
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2679378b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2241
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251bb8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2092"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2242
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f258c6c",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251bb8"
              }
            ],
            "repeated": 0,
            "id": 2243
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251bb8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2092"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2244
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f258c6c",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251bb8"
              }
            ],
            "repeated": 0,
            "id": 2245
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2679378e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2246
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793790000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2247
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 7,
            "id": 2248
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000029"
              },
              {
                "name": "uiParam",
                "value": "0x000001f8"
              }
            ],
            "repeated": 0,
            "id": 2249
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793795000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2250
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000029"
              },
              {
                "name": "uiParam",
                "value": "0x000001f8"
              }
            ],
            "repeated": 1,
            "id": 2251
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251ed8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2351"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2252
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25cfc4",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251ed8"
              }
            ],
            "repeated": 0,
            "id": 2253
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251f28",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2438"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2254
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25d3d4",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251f28"
              }
            ],
            "repeated": 0,
            "id": 2255
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251f28",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2438"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2256
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25d3d4",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251f28"
              }
            ],
            "repeated": 0,
            "id": 2257
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251f28",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2438"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2258
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25d3d4",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251f28"
              }
            ],
            "repeated": 0,
            "id": 2259
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2679379e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2260
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x267937a1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2261
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 3,
            "id": 2262
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x267937a4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2263
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x267937a7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2264
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 3,
            "id": 2265
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000029"
              },
              {
                "name": "uiParam",
                "value": "0x000001f8"
              }
            ],
            "repeated": 0,
            "id": 2266
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x267937ac000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2267
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x267937b5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2268
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000029"
              },
              {
                "name": "uiParam",
                "value": "0x000001f8"
              }
            ],
            "repeated": 0,
            "id": 2269
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x267937be000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2270
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 7,
            "id": 2271
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000029"
              },
              {
                "name": "uiParam",
                "value": "0x000001f8"
              }
            ],
            "repeated": 0,
            "id": 2272
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x267937c3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2273
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x267937c8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2274
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a040a3",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000029"
              },
              {
                "name": "uiParam",
                "value": "0x000001f8"
              }
            ],
            "repeated": 0,
            "id": 2275
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251c68",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2117"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2276
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25a6a8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251c68"
              }
            ],
            "repeated": 0,
            "id": 2277
          },
          {
            "timestamp": "2026-05-28 21:44:15,150",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04106",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 3,
            "id": 2278
          },
          {
            "timestamp": "2026-05-28 21:44:15,166",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04106",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
              },
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
              }
            ],
            "repeated": 0,
            "id": 2279
          },
          {
            "timestamp": "2026-05-28 21:44:15,166",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04106",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "AccListViewV6"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\AccListViewV6"
              }
            ],
            "repeated": 0,
            "id": 2280
          },
          {
            "timestamp": "2026-05-28 21:44:15,166",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04106",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              }
            ],
            "repeated": 0,
            "id": 2281
          },
          {
            "timestamp": "2026-05-28 21:44:15,166",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04106",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
              },
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
              }
            ],
            "repeated": 0,
            "id": 2282
          },
          {
            "timestamp": "2026-05-28 21:44:15,166",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04106",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "UseDoubleClickTimer"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\UseDoubleClickTimer"
              }
            ],
            "repeated": 0,
            "id": 2283
          },
          {
            "timestamp": "2026-05-28 21:44:15,166",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04106",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              }
            ],
            "repeated": 0,
            "id": 2284
          },
          {
            "timestamp": "2026-05-28 21:44:15,166",
            "thread_id": "13188",
            "caller": "0x7ff7299e4d7a",
            "parentcaller": "0x7ff7299e483b",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\srumapi"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc19c60000"
              }
            ],
            "repeated": 0,
            "id": 2285
          },
          {
            "timestamp": "2026-05-28 21:44:15,338",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04106",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 1,
            "id": 2286
          },
          {
            "timestamp": "2026-05-28 21:44:15,338",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04106",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes"
              },
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes"
              }
            ],
            "repeated": 0,
            "id": 2287
          },
          {
            "timestamp": "2026-05-28 21:44:15,338",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04106",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "Segoe UI"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Segoe UI"
              }
            ],
            "repeated": 0,
            "id": 2288
          },
          {
            "timestamp": "2026-05-28 21:44:15,338",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04106",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 2289
          },
          {
            "timestamp": "2026-05-28 21:44:15,338",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04106",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "UxSubclassInfo"
              },
              {
                "name": "Atom",
                "value": "0x0000c018"
              }
            ],
            "repeated": 0,
            "id": 2290
          },
          {
            "timestamp": "2026-05-28 21:44:15,338",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04106",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes"
              },
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes"
              }
            ],
            "repeated": 0,
            "id": 2291
          },
          {
            "timestamp": "2026-05-28 21:44:15,338",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04106",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "Segoe UI"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Segoe UI"
              }
            ],
            "repeated": 0,
            "id": 2292
          },
          {
            "timestamp": "2026-05-28 21:44:15,338",
            "thread_id": "14212",
            "caller": "0x7ff729a0f32d",
            "parentcaller": "0x7ff729a04106",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 2293
          },
          {
            "timestamp": "2026-05-28 21:44:15,338",
            "thread_id": "14212",
            "caller": "0x7ff729a0f349",
            "parentcaller": "0x7ff729a04106",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 3,
            "id": 2294
          },
          {
            "timestamp": "2026-05-28 21:44:15,338",
            "thread_id": "14212",
            "caller": "0x7ff729a0f349",
            "parentcaller": "0x7ff729a04106",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00001022"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2295
          },
          {
            "timestamp": "2026-05-28 21:44:15,338",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 2296
          },
          {
            "timestamp": "2026-05-28 21:44:15,525",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes"
              },
              {
                "name": "Handle",
                "value": "0x000004d0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes"
              }
            ],
            "repeated": 0,
            "id": 2297
          },
          {
            "timestamp": "2026-05-28 21:44:15,525",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              },
              {
                "name": "ValueName",
                "value": "Segoe UI"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Segoe UI"
              }
            ],
            "repeated": 0,
            "id": 2298
          },
          {
            "timestamp": "2026-05-28 21:44:15,525",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 2299
          },
          {
            "timestamp": "2026-05-28 21:44:15,525",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes"
              },
              {
                "name": "Handle",
                "value": "0x000004d0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes"
              }
            ],
            "repeated": 0,
            "id": 2300
          },
          {
            "timestamp": "2026-05-28 21:44:15,525",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              },
              {
                "name": "ValueName",
                "value": "Segoe UI"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Segoe UI"
              }
            ],
            "repeated": 0,
            "id": 2301
          },
          {
            "timestamp": "2026-05-28 21:44:15,525",
            "thread_id": "14212",
            "caller": "0x7ff729a04106",
            "parentcaller": "0x7ff729a02e59",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 2302
          },
          {
            "timestamp": "2026-05-28 21:44:15,525",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "misc",
            "api": "GetSystemMetrics",
            "status": true,
            "return": "0x00000780",
            "arguments": [
              {
                "name": "SystemMetricIndex",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2303
          },
          {
            "timestamp": "2026-05-28 21:44:15,525",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "comctl32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc171f0000"
              }
            ],
            "repeated": 0,
            "id": 2304
          },
          {
            "timestamp": "2026-05-28 21:44:15,525",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc171f0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "comctl32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2305
          },
          {
            "timestamp": "2026-05-28 21:44:15,525",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc171f0000"
              },
              {
                "name": "FunctionName",
                "value": "RegisterClassNameW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc17275670"
              }
            ],
            "repeated": 0,
            "id": 2306
          },
          {
            "timestamp": "2026-05-28 21:44:15,525",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 2307
          },
          {
            "timestamp": "2026-05-28 21:44:15,525",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04090409",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 1,
            "id": 2308
          },
          {
            "timestamp": "2026-05-28 21:44:15,525",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2cb78000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2309
          },
          {
            "timestamp": "2026-05-28 21:44:15,525",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2cb78000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2310
          },
          {
            "timestamp": "2026-05-28 21:44:15,697",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b252000"
              },
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2311
          },
          {
            "timestamp": "2026-05-28 21:44:15,697",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b252000"
              },
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2312
          },
          {
            "timestamp": "2026-05-28 21:44:15,697",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "comctl32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc171f0000"
              }
            ],
            "repeated": 0,
            "id": 2313
          },
          {
            "timestamp": "2026-05-28 21:44:15,697",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc171f0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "comctl32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2314
          },
          {
            "timestamp": "2026-05-28 21:44:15,697",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc171f0000"
              },
              {
                "name": "FunctionName",
                "value": "RegisterClassNameW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc17275670"
              }
            ],
            "repeated": 0,
            "id": 2315
          },
          {
            "timestamp": "2026-05-28 21:44:15,697",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 1,
            "id": 2316
          },
          {
            "timestamp": "2026-05-28 21:44:15,697",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes"
              },
              {
                "name": "Handle",
                "value": "0x000004d0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes"
              }
            ],
            "repeated": 0,
            "id": 2317
          },
          {
            "timestamp": "2026-05-28 21:44:15,697",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              },
              {
                "name": "ValueName",
                "value": "Segoe UI"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Segoe UI"
              }
            ],
            "repeated": 0,
            "id": 2318
          },
          {
            "timestamp": "2026-05-28 21:44:15,697",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 2319
          },
          {
            "timestamp": "2026-05-28 21:44:15,697",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26790db9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2320
          },
          {
            "timestamp": "2026-05-28 21:44:15,697",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide"
              }
            ],
            "repeated": 0,
            "id": 2321
          },
          {
            "timestamp": "2026-05-28 21:44:15,697",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ValueName",
                "value": "PreferExternalManifest"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest"
              }
            ],
            "repeated": 0,
            "id": 2322
          },
          {
            "timestamp": "2026-05-28 21:44:15,697",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 2323
          },
          {
            "timestamp": "2026-05-28 21:44:15,697",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x001200a9",
                "pretty_value": "FILE_GENERIC_READ|FILE_GENERIC_EXECUTE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\UxTheme.dll.Config"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 2324
          },
          {
            "timestamp": "2026-05-28 21:44:15,697",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\uxtheme.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 2325
          },
          {
            "timestamp": "2026-05-28 21:44:15,697",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 2326
          },
          {
            "timestamp": "2026-05-28 21:44:15,697",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "comctl32"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc171f0000"
              }
            ],
            "repeated": 0,
            "id": 2327
          },
          {
            "timestamp": "2026-05-28 21:44:15,697",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc171f0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "comctl32"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2328
          },
          {
            "timestamp": "2026-05-28 21:44:15,697",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26790d80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              }
            ],
            "repeated": 0,
            "id": 2329
          },
          {
            "timestamp": "2026-05-28 21:44:15,697",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 2330
          },
          {
            "timestamp": "2026-05-28 21:44:15,697",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc171f0000"
              },
              {
                "name": "FunctionName",
                "value": "HIMAGELIST_QueryInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc1726fa20"
              }
            ],
            "repeated": 0,
            "id": 2331
          },
          {
            "timestamp": "2026-05-28 21:44:15,697",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc171f0000"
              },
              {
                "name": "FunctionName",
                "value": "DrawShadowText"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc172ecfe0"
              }
            ],
            "repeated": 0,
            "id": 2332
          },
          {
            "timestamp": "2026-05-28 21:44:15,697",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc171f0000"
              },
              {
                "name": "FunctionName",
                "value": "DrawSizeBox"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc1727f780"
              }
            ],
            "repeated": 0,
            "id": 2333
          },
          {
            "timestamp": "2026-05-28 21:44:15,697",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc171f0000"
              },
              {
                "name": "FunctionName",
                "value": "DrawScrollBar"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc17260d20"
              }
            ],
            "repeated": 0,
            "id": 2334
          },
          {
            "timestamp": "2026-05-28 21:44:15,697",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc171f0000"
              },
              {
                "name": "FunctionName",
                "value": "SizeBoxHwnd"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc172652d0"
              }
            ],
            "repeated": 0,
            "id": 2335
          },
          {
            "timestamp": "2026-05-28 21:44:15,697",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc171f0000"
              },
              {
                "name": "FunctionName",
                "value": "ScrollBar_MouseMove"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc172e21e0"
              }
            ],
            "repeated": 0,
            "id": 2336
          },
          {
            "timestamp": "2026-05-28 21:44:15,697",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc171f0000"
              },
              {
                "name": "FunctionName",
                "value": "ScrollBar_Menu"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc172e1ff0"
              }
            ],
            "repeated": 0,
            "id": 2337
          },
          {
            "timestamp": "2026-05-28 21:44:15,697",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc171f0000"
              },
              {
                "name": "FunctionName",
                "value": "HandleScrollCmd"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc172e1f50"
              }
            ],
            "repeated": 0,
            "id": 2338
          },
          {
            "timestamp": "2026-05-28 21:44:15,697",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc171f0000"
              },
              {
                "name": "FunctionName",
                "value": "DetachScrollBars"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc171f2440"
              }
            ],
            "repeated": 0,
            "id": 2339
          },
          {
            "timestamp": "2026-05-28 21:44:15,697",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc171f0000"
              },
              {
                "name": "FunctionName",
                "value": "AttachScrollBars"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc17267150"
              }
            ],
            "repeated": 0,
            "id": 2340
          },
          {
            "timestamp": "2026-05-28 21:44:15,697",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc171f0000"
              },
              {
                "name": "FunctionName",
                "value": "CCSetScrollInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc17262230"
              }
            ],
            "repeated": 0,
            "id": 2341
          },
          {
            "timestamp": "2026-05-28 21:44:15,697",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc171f0000"
              },
              {
                "name": "FunctionName",
                "value": "CCGetScrollInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc1727bcc0"
              }
            ],
            "repeated": 0,
            "id": 2342
          },
          {
            "timestamp": "2026-05-28 21:44:15,697",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc171f0000"
              },
              {
                "name": "FunctionName",
                "value": "CCEnableScrollBar"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc171f2830"
              }
            ],
            "repeated": 0,
            "id": 2343
          },
          {
            "timestamp": "2026-05-28 21:44:15,697",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc171f0000"
              },
              {
                "name": "FunctionName",
                "value": "QuerySystemGestureStatus"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc172e1fb0"
              }
            ],
            "repeated": 0,
            "id": 2344
          },
          {
            "timestamp": "2026-05-28 21:44:15,697",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 2345
          },
          {
            "timestamp": "2026-05-28 21:44:15,697",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2678f331000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2346
          },
          {
            "timestamp": "2026-05-28 21:44:15,697",
            "thread_id": "14212",
            "caller": "0x7ff7299e50d0",
            "parentcaller": "0x7ff7299e46ef",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "Comctl32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc171f0000"
              }
            ],
            "repeated": 0,
            "id": 2347
          },
          {
            "timestamp": "2026-05-28 21:44:15,697",
            "thread_id": "14212",
            "caller": "0x7ff7299e50d0",
            "parentcaller": "0x7ff7299e46ef",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc171f0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "Comctl32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2348
          },
          {
            "timestamp": "2026-05-28 21:44:15,697",
            "thread_id": "14212",
            "caller": "0x7ff7299e50a7",
            "parentcaller": "0x7ff7299e46ef",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc171f0000"
              },
              {
                "name": "FunctionName",
                "value": "SetWindowSubclass"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc17253d40"
              }
            ],
            "repeated": 0,
            "id": 2349
          },
          {
            "timestamp": "2026-05-28 21:44:15,697",
            "thread_id": "14212",
            "caller": "0x7ff7299e4cd1",
            "parentcaller": "0x7ff7299e4c33",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "UxSubclassInfo"
              },
              {
                "name": "Atom",
                "value": "0x0000c018"
              }
            ],
            "repeated": 0,
            "id": 2350
          },
          {
            "timestamp": "2026-05-28 21:44:15,697",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "misc",
            "api": "GetSystemMetrics",
            "status": true,
            "return": "0x00000780",
            "arguments": [
              {
                "name": "SystemMetricIndex",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2351
          },
          {
            "timestamp": "2026-05-28 21:44:15,697",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 2352
          },
          {
            "timestamp": "2026-05-28 21:44:15,697",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26790dba000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2353
          },
          {
            "timestamp": "2026-05-28 21:44:15,697",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04090409",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 1,
            "id": 2354
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 1,
            "id": 2355
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes"
              },
              {
                "name": "Handle",
                "value": "0x000004d4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes"
              }
            ],
            "repeated": 0,
            "id": 2356
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              },
              {
                "name": "ValueName",
                "value": "Segoe UI"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Segoe UI"
              }
            ],
            "repeated": 0,
            "id": 2357
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 2358
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff7299e4b7e",
            "parentcaller": "0x7ff7299e4ae4",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 2359
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff7299e4cd1",
            "parentcaller": "0x7ff7299e4c33",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "UxSubclassInfo"
              },
              {
                "name": "Atom",
                "value": "0x0000c018"
              }
            ],
            "repeated": 0,
            "id": 2360
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff7299fdfee",
            "parentcaller": "0x7ff729a02e98",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251ea8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2328"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2361
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff7299fdfee",
            "parentcaller": "0x7ff729a02e98",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25cac0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251ea8"
              }
            ],
            "repeated": 0,
            "id": 2362
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff7299fdfee",
            "parentcaller": "0x7ff729a02e98",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251d48",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2156"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2363
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff7299fdfee",
            "parentcaller": "0x7ff729a02e98",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25b234",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251d48"
              }
            ],
            "repeated": 0,
            "id": 2364
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff7299fdfee",
            "parentcaller": "0x7ff729a02e98",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f461968",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#31212"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2365
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff7299fdfee",
            "parentcaller": "0x7ff729a02e98",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f4b6180",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f461968"
              }
            ],
            "repeated": 0,
            "id": 2366
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff7299fdfee",
            "parentcaller": "0x7ff729a02e98",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251cd8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2144"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2367
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff7299fdfee",
            "parentcaller": "0x7ff729a02e98",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25ab80",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251cd8"
              }
            ],
            "repeated": 0,
            "id": 2368
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff7299fdfee",
            "parentcaller": "0x7ff729a02e98",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251cc8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2143"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2369
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff7299fdfee",
            "parentcaller": "0x7ff729a02e98",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25a98c",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251cc8"
              }
            ],
            "repeated": 0,
            "id": 2370
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff7299fdfee",
            "parentcaller": "0x7ff729a02e98",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251cd8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2144"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2371
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff7299fdfee",
            "parentcaller": "0x7ff729a02e98",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25ab80",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251cd8"
              }
            ],
            "repeated": 0,
            "id": 2372
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff7299fdfee",
            "parentcaller": "0x7ff729a02e98",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251ee8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2376"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2373
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff7299fdfee",
            "parentcaller": "0x7ff729a02e98",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25d038",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251ee8"
              }
            ],
            "repeated": 0,
            "id": 2374
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff7299fdfee",
            "parentcaller": "0x7ff729a02e98",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251ee8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2376"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2375
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff7299fdfee",
            "parentcaller": "0x7ff729a02e98",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25d038",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251ee8"
              }
            ],
            "repeated": 0,
            "id": 2376
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff7299fdfee",
            "parentcaller": "0x7ff729a02e98",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251ed8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2351"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2377
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff7299fdfee",
            "parentcaller": "0x7ff729a02e98",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25cfc4",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251ed8"
              }
            ],
            "repeated": 0,
            "id": 2378
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff7299fdfee",
            "parentcaller": "0x7ff729a02e98",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251ed8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2351"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2379
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff7299fdfee",
            "parentcaller": "0x7ff729a02e98",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25cfc4",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251ed8"
              }
            ],
            "repeated": 0,
            "id": 2380
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff7299fdfee",
            "parentcaller": "0x7ff729a02e98",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251ee8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2376"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2381
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff7299fdfee",
            "parentcaller": "0x7ff729a02e98",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25d038",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251ee8"
              }
            ],
            "repeated": 0,
            "id": 2382
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff7299fdfee",
            "parentcaller": "0x7ff729a02e98",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251ee8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2376"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2383
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff7299fdfee",
            "parentcaller": "0x7ff729a02e98",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25d038",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251ee8"
              }
            ],
            "repeated": 0,
            "id": 2384
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff7299fdfee",
            "parentcaller": "0x7ff729a02e98",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251ee8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2376"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2385
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff7299fdfee",
            "parentcaller": "0x7ff729a02e98",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25d038",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251ee8"
              }
            ],
            "repeated": 0,
            "id": 2386
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff7299fdfee",
            "parentcaller": "0x7ff729a02e98",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251ef8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2407"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2387
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff7299fdfee",
            "parentcaller": "0x7ff729a02e98",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25d0d4",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251ef8"
              }
            ],
            "repeated": 0,
            "id": 2388
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff7299fdfee",
            "parentcaller": "0x7ff729a02e98",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251ee8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2376"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2389
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff7299fdfee",
            "parentcaller": "0x7ff729a02e98",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25d038",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251ee8"
              }
            ],
            "repeated": 0,
            "id": 2390
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff7299fdfee",
            "parentcaller": "0x7ff729a02e98",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f251fc8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#2626"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2391
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff7299fdfee",
            "parentcaller": "0x7ff729a02e98",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f25e37c",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f251fc8"
              }
            ],
            "repeated": 0,
            "id": 2392
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff7299fe065",
            "parentcaller": "0x7ff729a02e98",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\resmon.exe"
              }
            ],
            "repeated": 0,
            "id": 2393
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff7299fe0f5",
            "parentcaller": "0x7ff729a02e98",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f462108",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#14"
              },
              {
                "name": "Name",
                "value": "#31211"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2394
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff7299fe0f5",
            "parentcaller": "0x7ff729a02e98",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f4b60f8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f462108"
              }
            ],
            "repeated": 0,
            "id": 2395
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff7299fe0f5",
            "parentcaller": "0x7ff729a02e98",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f462008",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#3"
              },
              {
                "name": "Name",
                "value": "#106"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2396
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff7299fe0f5",
            "parentcaller": "0x7ff729a02e98",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f4b5c90",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f462008"
              }
            ],
            "repeated": 0,
            "id": 2397
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff7299fe1bf",
            "parentcaller": "0x7ff729a02e98",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f462038",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#14"
              },
              {
                "name": "Name",
                "value": "#30653"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2398
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff7299fe1bf",
            "parentcaller": "0x7ff729a02e98",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f488d68",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f462038"
              }
            ],
            "repeated": 0,
            "id": 2399
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff7299fe1bf",
            "parentcaller": "0x7ff729a02e98",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f461b88",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#3"
              },
              {
                "name": "Name",
                "value": "#34"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2400
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff7299fe1bf",
            "parentcaller": "0x7ff729a02e98",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f488900",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f461b88"
              }
            ],
            "repeated": 0,
            "id": 2401
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff729a262f0",
            "parentcaller": "0x7ff729a02ec5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x267937d1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2402
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff729a262f0",
            "parentcaller": "0x7ff729a02ec5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x267937e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00200000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2403
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff729a262f0",
            "parentcaller": "0x7ff729a02ec5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x267937e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2404
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff729a262f0",
            "parentcaller": "0x7ff729a02ec5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x267937f3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00024000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2405
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff729a262f0",
            "parentcaller": "0x7ff729a02ec5",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x267937e1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00035000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2406
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff729a262f0",
            "parentcaller": "0x7ff729a02ec5",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x267937cb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2407
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff729a062ef",
            "parentcaller": "0x7ff729a2633a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\TaskManager"
              },
              {
                "name": "Handle",
                "value": "0x000004d4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\TaskManager"
              }
            ],
            "repeated": 0,
            "id": 2408
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff729a062ef",
            "parentcaller": "0x7ff729a2633a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              },
              {
                "name": "ValueName",
                "value": "StartUpTab"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\TaskManager\\StartUpTab"
              }
            ],
            "repeated": 0,
            "id": 2409
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff729a062ef",
            "parentcaller": "0x7ff729a2633a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 2410
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff729a062ef",
            "parentcaller": "0x7ff729a2633a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\TaskManager"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\TaskManager"
              }
            ],
            "repeated": 0,
            "id": 2411
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff729a02f05",
            "parentcaller": "0x7ff729a0467a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x267937cb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2412
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff729a02f05",
            "parentcaller": "0x7ff729a0467a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x267937e1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00035000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2413
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff729a02f41",
            "parentcaller": "0x7ff729a0467a",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              }
            ],
            "repeated": 0,
            "id": 2414
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff729a02f41",
            "parentcaller": "0x7ff729a0467a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d14cbd0"
              }
            ],
            "repeated": 0,
            "id": 2415
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff729a02f41",
            "parentcaller": "0x7ff729a0467a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d18fc40"
              }
            ],
            "repeated": 0,
            "id": 2416
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff729a02f41",
            "parentcaller": "0x7ff729a0467a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback"
              },
              {
                "name": "Handle",
                "value": "0x000004d0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback"
              }
            ],
            "repeated": 0,
            "id": 2417
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff729a02f41",
            "parentcaller": "0x7ff729a0467a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004d0"
              },
              {
                "name": "SubKey",
                "value": "Segoe MDL2 Assets"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Segoe MDL2 Assets"
              }
            ],
            "repeated": 0,
            "id": 2418
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff729a02f41",
            "parentcaller": "0x7ff729a0467a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 2419
          },
          {
            "timestamp": "2026-05-28 21:44:15,885",
            "thread_id": "14212",
            "caller": "0x7ff729a02f41",
            "parentcaller": "0x7ff729a0467a",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 6,
            "id": 2420
          },
          {
            "timestamp": "2026-05-28 21:44:16,463",
            "thread_id": "13188",
            "caller": "0x7ff7299e4d7a",
            "parentcaller": "0x7ff7299e483b",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "srumapi.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc19c60000"
              }
            ],
            "repeated": 0,
            "id": 2421
          },
          {
            "timestamp": "2026-05-28 21:44:16,463",
            "thread_id": "13188",
            "caller": "0x7ff7299e4d7a",
            "parentcaller": "0x7ff7299e483b",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc19c60000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "srumapi.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2422
          },
          {
            "timestamp": "2026-05-28 21:44:16,463",
            "thread_id": "13188",
            "caller": "0x7ff7299e4865",
            "parentcaller": "0x7ff7299e3839",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "srumapi.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc19c60000"
              },
              {
                "name": "FunctionName",
                "value": "SruRegisterRealTimeStats"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc19c61290"
              }
            ],
            "repeated": 0,
            "id": 2423
          },
          {
            "timestamp": "2026-05-28 21:44:16,463",
            "thread_id": "13188",
            "caller": "0x7ff7299e4889",
            "parentcaller": "0x7ff7299e3839",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "srumapi.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc19c60000"
              },
              {
                "name": "FunctionName",
                "value": "SruQueryStats"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc19c62220"
              }
            ],
            "repeated": 0,
            "id": 2424
          },
          {
            "timestamp": "2026-05-28 21:44:16,463",
            "thread_id": "13188",
            "caller": "0x7ff7299e48ad",
            "parentcaller": "0x7ff7299e3839",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "srumapi.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc19c60000"
              },
              {
                "name": "FunctionName",
                "value": "SruFreeRecordSet"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc19c620d0"
              }
            ],
            "repeated": 0,
            "id": 2425
          },
          {
            "timestamp": "2026-05-28 21:44:16,463",
            "thread_id": "13188",
            "caller": "0x7ff7299e48d1",
            "parentcaller": "0x7ff7299e3839",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "srumapi.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc19c60000"
              },
              {
                "name": "FunctionName",
                "value": "SruUnregisterRealTimeStats"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc19c64d30"
              }
            ],
            "repeated": 0,
            "id": 2426
          },
          {
            "timestamp": "2026-05-28 21:44:16,463",
            "thread_id": "13188",
            "caller": "0x7ff7299e3ab7",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetSystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2427
          },
          {
            "timestamp": "2026-05-28 21:44:16,463",
            "thread_id": "13188",
            "caller": "0x7ff7299e3c77",
            "parentcaller": "0x7ff7299e3ad3",
            "category": "system",
            "api": "CreateTimerQueueTimer",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "phNewTimer",
                "value": "0x267937ba2f0"
              },
              {
                "name": "TimerQueue",
                "value": "0x00000000"
              },
              {
                "name": "Callback",
                "value": "0x29a44c70"
              },
              {
                "name": "Parameter",
                "value": "0x1957fe70"
              },
              {
                "name": "DueTime",
                "value": "5000"
              },
              {
                "name": "Period",
                "value": "1000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2428
          },
          {
            "timestamp": "2026-05-28 21:44:16,463",
            "thread_id": "13188",
            "caller": "0x7ff7299e59e7",
            "parentcaller": "0x7ff7299e3b10",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc19c70000"
              },
              {
                "name": "ModuleName",
                "value": "srumapi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2429
          },
          {
            "timestamp": "2026-05-28 21:44:16,463",
            "thread_id": "13188",
            "caller": "0x7ff7299e59e7",
            "parentcaller": "0x7ff7299e3b10",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc19c70000"
              },
              {
                "name": "ModuleName",
                "value": "srumapi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2430
          },
          {
            "timestamp": "2026-05-28 21:44:16,463",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 2431
          },
          {
            "timestamp": "2026-05-28 21:44:16,463",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "windows.storage.dll"
              }
            ],
            "repeated": 0,
            "id": 2432
          },
          {
            "timestamp": "2026-05-28 21:44:16,463",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\windows.storage.dll"
              }
            ],
            "repeated": 0,
            "id": 2433
          },
          {
            "timestamp": "2026-05-28 21:44:16,463",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\windows.storage.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 2434
          },
          {
            "timestamp": "2026-05-28 21:44:16,463",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004f4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\windows.storage.dll"
              }
            ],
            "repeated": 0,
            "id": 2435
          },
          {
            "timestamp": "2026-05-28 21:44:16,463",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004f8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc288b0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0079b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2436
          },
          {
            "timestamp": "2026-05-28 21:44:16,463",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2437
          },
          {
            "timestamp": "2026-05-28 21:44:16,463",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc28ec2000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2438
          },
          {
            "timestamp": "2026-05-28 21:44:16,463",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc28ec2000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2439
          },
          {
            "timestamp": "2026-05-28 21:44:16,463",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc28ec2000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2440
          },
          {
            "timestamp": "2026-05-28 21:44:16,463",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc28ec2000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2441
          },
          {
            "timestamp": "2026-05-28 21:44:16,463",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc28ec1000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2442
          },
          {
            "timestamp": "2026-05-28 21:44:16,463",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "Wldp.dll"
              }
            ],
            "repeated": 0,
            "id": 2443
          },
          {
            "timestamp": "2026-05-28 21:44:16,463",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 2444
          },
          {
            "timestamp": "2026-05-28 21:44:16,463",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              }
            ],
            "repeated": 0,
            "id": 2445
          },
          {
            "timestamp": "2026-05-28 21:44:16,463",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wldp.dll"
              }
            ],
            "repeated": 0,
            "id": 2446
          },
          {
            "timestamp": "2026-05-28 21:44:16,463",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wldp.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 2447
          },
          {
            "timestamp": "2026-05-28 21:44:16,463",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004f4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wldp.dll"
              }
            ],
            "repeated": 0,
            "id": 2448
          },
          {
            "timestamp": "2026-05-28 21:44:16,463",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004f8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2a140000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0002d000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2449
          },
          {
            "timestamp": "2026-05-28 21:44:16,463",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2a169000"
              },
              {
                "name": "ModuleName",
                "value": "Wldp.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2450
          },
          {
            "timestamp": "2026-05-28 21:44:16,463",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2a159000"
              },
              {
                "name": "ModuleName",
                "value": "Wldp.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2451
          },
          {
            "timestamp": "2026-05-28 21:44:16,463",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2a159000"
              },
              {
                "name": "ModuleName",
                "value": "Wldp.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2452
          },
          {
            "timestamp": "2026-05-28 21:44:16,463",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2a159000"
              },
              {
                "name": "ModuleName",
                "value": "Wldp.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2453
          },
          {
            "timestamp": "2026-05-28 21:44:16,463",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2a159000"
              },
              {
                "name": "ModuleName",
                "value": "Wldp.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2454
          },
          {
            "timestamp": "2026-05-28 21:44:16,463",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2a159000"
              },
              {
                "name": "ModuleName",
                "value": "Wldp.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2455
          },
          {
            "timestamp": "2026-05-28 21:44:16,463",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 2456
          },
          {
            "timestamp": "2026-05-28 21:44:16,463",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              }
            ],
            "repeated": 0,
            "id": 2457
          },
          {
            "timestamp": "2026-05-28 21:44:16,463",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc28ec1000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2458
          },
          {
            "timestamp": "2026-05-28 21:44:16,463",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "35"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\r\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x02\\x00\\x00\\x00g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\\xce\\x99\\x8dg\\x02\\x00\\x00\\x02\\x00\\x00\\x00l\\x00e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\r\\x00\\x03\\x00e\\x00\\\\x00\\x02\\x00\\x00\\x00g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x07s\\x93g\\x02\\x00\\x00\\x02\\x00\\x00\\x008\\x00.\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\r\\x00\\x03\\x00.\\x002\\x00\\x02\\x00\\x00\\x00g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x9b\\x99\\x8dg\\x02\\x00\\x00\\x02\\x00\\x00\\x00h\\x00r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\r\\x00\\x03\\x00x\\x00e\\x00\\x02\\x00\\x00\\x00g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x0bs\\x93g\\x02\\x00\\x00\\x02\\x00\\x00\\x00u\\x00s\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\r\\x00\\x03\\x00t\\x00i\\x00\\x02\\x00\\x00\\x00g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xa0\\x99\\x8dg\\x02\\x00\\x00\\x02\\x00\\x00\\x00l\\x00o\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x02\\x00-\\x00-\\x00"
              }
            ],
            "repeated": 0,
            "id": 2459
          },
          {
            "timestamp": "2026-05-28 21:44:16,463",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2a159000"
              },
              {
                "name": "ModuleName",
                "value": "Wldp.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2460
          },
          {
            "timestamp": "2026-05-28 21:44:16,463",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\Wldp"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc2a140000"
              }
            ],
            "repeated": 0,
            "id": 2461
          },
          {
            "timestamp": "2026-05-28 21:44:16,838",
            "thread_id": "13188",
            "caller": "0x7ff7299e59e7",
            "parentcaller": "0x7ff7299e3b10",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000508"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ffc2b4a2d30"
              },
              {
                "name": "Parameter",
                "value": "0x267937b3180"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "3380"
              },
              {
                "name": "ProcessId",
                "value": "14276"
              },
              {
                "name": "Module",
                "value": "combase.dll"
              }
            ],
            "repeated": 0,
            "id": 2462
          },
          {
            "timestamp": "2026-05-28 21:44:17,010",
            "thread_id": "3380",
            "caller": "0x7ffc2d14eb32",
            "parentcaller": "0x7ffc2d1077c3",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000038"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 2463
          },
          {
            "timestamp": "2026-05-28 21:44:17,010",
            "thread_id": "12948",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2c56ef53",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000510"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 2464
          },
          {
            "timestamp": "2026-05-28 21:44:17,213",
            "thread_id": "11032",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2c56ef53",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000518"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 2465
          },
          {
            "timestamp": "2026-05-28 21:44:17,213",
            "thread_id": "13188",
            "caller": "0x7ff7299e59e7",
            "parentcaller": "0x7ff7299e3b10",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2466
          },
          {
            "timestamp": "2026-05-28 21:44:17,994",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\windows.storage"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc288b0000"
              }
            ],
            "repeated": 0,
            "id": 2467
          },
          {
            "timestamp": "2026-05-28 21:44:18,182",
            "thread_id": "13188",
            "caller": "0x7ff7299e59e7",
            "parentcaller": "0x7ff7299e3b10",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000032A-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000149-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2468
          },
          {
            "timestamp": "2026-05-28 21:44:18,182",
            "thread_id": "13188",
            "caller": "0x7ff7299e59e7",
            "parentcaller": "0x7ff7299e3b10",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2469
          },
          {
            "timestamp": "2026-05-28 21:44:18,182",
            "thread_id": "13188",
            "caller": "0x7ff7299e59e7",
            "parentcaller": "0x7ff7299e3b10",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\srumapi.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc19c60000"
              }
            ],
            "repeated": 0,
            "id": 2470
          },
          {
            "timestamp": "2026-05-28 21:44:18,182",
            "thread_id": "13188",
            "caller": "0x7ff7299e59e7",
            "parentcaller": "0x7ff7299e3b10",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "DDCFD26B-FEED-44CD-B71D-79487D2E5E5A"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "71A5EC7F-F325-4376-9D94-622C372E256F"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2471
          },
          {
            "timestamp": "2026-05-28 21:44:18,182",
            "thread_id": "13188",
            "caller": "0x7ff7299e59e7",
            "parentcaller": "0x7ff7299e3b10",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2472
          },
          {
            "timestamp": "2026-05-28 21:44:18,182",
            "thread_id": "13188",
            "caller": "0x7ff7299e59e7",
            "parentcaller": "0x7ff7299e3b10",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2473
          },
          {
            "timestamp": "2026-05-28 21:44:18,182",
            "thread_id": "13188",
            "caller": "0x7ff7299e59e7",
            "parentcaller": "0x7ff7299e3b10",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002e6"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{26460E96-1D01-43E4-9FB8-B7ED958F362B}"
              },
              {
                "name": "Handle",
                "value": "0x00000532"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{26460E96-1D01-43E4-9FB8-B7ED958F362B}"
              }
            ],
            "repeated": 0,
            "id": 2474
          },
          {
            "timestamp": "2026-05-28 21:44:18,182",
            "thread_id": "13188",
            "caller": "0x7ff7299e59e7",
            "parentcaller": "0x7ff7299e3b10",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000532"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000536"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{26460E96-1D01-43E4-9FB8-B7ED958F362B}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 2475
          },
          {
            "timestamp": "2026-05-28 21:44:18,182",
            "thread_id": "13188",
            "caller": "0x7ff7299e59e7",
            "parentcaller": "0x7ff7299e3b10",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000536"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{71A5EC7F-F325-4376-9D94-622C372E256F}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{26460E96-1D01-43E4-9FB8-B7ED958F362B}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2476
          },
          {
            "timestamp": "2026-05-28 21:44:18,182",
            "thread_id": "13188",
            "caller": "0x7ff7299e59e7",
            "parentcaller": "0x7ff7299e3b10",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000536"
              }
            ],
            "repeated": 0,
            "id": 2477
          },
          {
            "timestamp": "2026-05-28 21:44:18,182",
            "thread_id": "13188",
            "caller": "0x7ff7299e59e7",
            "parentcaller": "0x7ff7299e3b10",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000532"
              }
            ],
            "repeated": 0,
            "id": 2478
          },
          {
            "timestamp": "2026-05-28 21:44:18,182",
            "thread_id": "13188",
            "caller": "0x7ff7299e59e7",
            "parentcaller": "0x7ff7299e3b10",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2479
          },
          {
            "timestamp": "2026-05-28 21:44:18,182",
            "thread_id": "13188",
            "caller": "0x7ff7299e59e7",
            "parentcaller": "0x7ff7299e3b10",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2480
          },
          {
            "timestamp": "2026-05-28 21:44:18,182",
            "thread_id": "13188",
            "caller": "0x7ff7299e59e7",
            "parentcaller": "0x7ff7299e3b10",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2481
          },
          {
            "timestamp": "2026-05-28 21:44:18,182",
            "thread_id": "13188",
            "caller": "0x7ff7299e59e7",
            "parentcaller": "0x7ff7299e3b10",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000530"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 2482
          },
          {
            "timestamp": "2026-05-28 21:44:18,182",
            "thread_id": "13188",
            "caller": "0x7ff7299e59e7",
            "parentcaller": "0x7ff7299e3b10",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 2483
          },
          {
            "timestamp": "2026-05-28 21:44:18,182",
            "thread_id": "13188",
            "caller": "0x7ff7299e59e7",
            "parentcaller": "0x7ff7299e3b10",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\x12\\x13\\x00\\x00\\x00\\x00\\x00\\xdb7\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\xa4-\\x13\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2484
          },
          {
            "timestamp": "2026-05-28 21:44:18,182",
            "thread_id": "13188",
            "caller": "0x7ff7299e59e7",
            "parentcaller": "0x7ff7299e3b10",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe8cw\\x93g\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2485
          },
          {
            "timestamp": "2026-05-28 21:44:18,182",
            "thread_id": "13188",
            "caller": "0x7ff7299e59e7",
            "parentcaller": "0x7ff7299e3b10",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "pVw\\x93g\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0\\xb7r\\x93"
              }
            ],
            "repeated": 0,
            "id": 2486
          },
          {
            "timestamp": "2026-05-28 21:44:18,182",
            "thread_id": "13188",
            "caller": "0x7ff7299e59e7",
            "parentcaller": "0x7ff7299e3b10",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2487
          },
          {
            "timestamp": "2026-05-28 21:44:18,182",
            "thread_id": "13188",
            "caller": "0x7ff7299e59e7",
            "parentcaller": "0x7ff7299e3b10",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98Oz\\x93g\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2488
          },
          {
            "timestamp": "2026-05-28 21:44:18,182",
            "thread_id": "13188",
            "caller": "0x7ff7299e59e7",
            "parentcaller": "0x7ff7299e3b10",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2489
          },
          {
            "timestamp": "2026-05-28 21:44:18,182",
            "thread_id": "13188",
            "caller": "0x7ff7299e59e7",
            "parentcaller": "0x7ff7299e3b10",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08kw\\x93g\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9b6\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 2490
          },
          {
            "timestamp": "2026-05-28 21:44:18,182",
            "thread_id": "13188",
            "caller": "0x7ff7299e59e7",
            "parentcaller": "0x7ff7299e3b10",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X@j\\x14\\xfc\\x7f\\x00\\x00\\xebPB\\x14\\xfc\\x7f\\x00\\x00\\x9f\\x1d\\xbd:\\x97\\xb6\\x00\\x00(Nf\\x14\\xfc\\x7f\\x00\\x00@\\xe0W\\x19\\xed\\x00\\x00\\x008\\xe0W\\x19\\xed\\x00\\x00\\x00\\x08\\xe0W\\x19\\xed\\x00\\x00\\x00(\\xe0W\\x19"
              }
            ],
            "repeated": 0,
            "id": 2491
          },
          {
            "timestamp": "2026-05-28 21:44:18,182",
            "thread_id": "13188",
            "caller": "0x7ff7299e59e7",
            "parentcaller": "0x7ff7299e3b10",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00kw\\x93g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd9\\xd8C\\x14\\xfc\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00(\\xdeW\\x19\\xed\\x00\\x00\\x004\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x001\\xed\\xfb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x86\\xa2f\\x14"
              }
            ],
            "repeated": 0,
            "id": 2492
          },
          {
            "timestamp": "2026-05-28 21:44:18,182",
            "thread_id": "13188",
            "caller": "0x7ff7299e59e7",
            "parentcaller": "0x7ff7299e3b10",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\x12\\x13\\x00\\x00\\x00\\x00\\x00\\xdb7\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\xa4-\\x13\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2493
          },
          {
            "timestamp": "2026-05-28 21:44:18,182",
            "thread_id": "13188",
            "caller": "0x7ff7299e59e7",
            "parentcaller": "0x7ff7299e3b10",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe8]w\\x93g\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00o\\x00r\\x00e\\x00-\\x00w\\x00i\\x00n\\x003\\x002\\x00k\\x00-\\x00m\\x00i\\x00n\\x00u\\x00s\\x00e\\x00r\\x00-\\x00l\\x001\\x00-\\x001\\x00-\\x000\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2494
          },
          {
            "timestamp": "2026-05-28 21:44:18,182",
            "thread_id": "13188",
            "caller": "0x7ff7299e59e7",
            "parentcaller": "0x7ff7299e3b10",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "PXw\\x93g\\x02\\x00\\x00`\\x00\\x00\\x00-\\x00w\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00e\\x00-\\x00w\\x00i\\x00n\\x003\\x002\\x00k\\x00-\\x00f\\x00u\\x00l\\x00l\\x00u\\x00s\\x00e\\x00r\\x00-\\x00l\\x001\\x00-\\x001\\x00-\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2495
          },
          {
            "timestamp": "2026-05-28 21:44:18,182",
            "thread_id": "13188",
            "caller": "0x7ff7299e59e7",
            "parentcaller": "0x7ff7299e3b10",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2496
          },
          {
            "timestamp": "2026-05-28 21:44:18,182",
            "thread_id": "13188",
            "caller": "0x7ff7299e59e7",
            "parentcaller": "0x7ff7299e3b10",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08Oz\\x93g\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2497
          },
          {
            "timestamp": "2026-05-28 21:44:18,182",
            "thread_id": "13188",
            "caller": "0x7ff7299e59e7",
            "parentcaller": "0x7ff7299e3b10",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2498
          },
          {
            "timestamp": "2026-05-28 21:44:18,182",
            "thread_id": "13188",
            "caller": "0x7ff7299e59e7",
            "parentcaller": "0x7ff7299e3b10",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88Zw\\x93g\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9b6\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 2499
          },
          {
            "timestamp": "2026-05-28 21:44:18,182",
            "thread_id": "13188",
            "caller": "0x7ff7299e59e7",
            "parentcaller": "0x7ff7299e3b10",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X@j\\x14\\xfc\\x7f\\x00\\x00\\xebPB\\x14\\xfc\\x7f\\x00\\x00\\x7f\\x1e\\xbd:\\x97\\xb6\\x00\\x00(Nf\\x14\\xfc\\x7f\\x00\\x00\\xa0\\xdcW\\x19\\xed\\x00\\x00\\x00\\x98\\xdcW\\x19\\xed\\x00\\x00\\x00h\\xdcW\\x19\\xed\\x00\\x00\\x00\\x88\\xdcW\\x19"
              }
            ],
            "repeated": 0,
            "id": 2500
          },
          {
            "timestamp": "2026-05-28 21:44:18,182",
            "thread_id": "13188",
            "caller": "0x7ff7299e59e7",
            "parentcaller": "0x7ff7299e3b10",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80Zw\\x93g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd9\\xd8C\\x14\\xfc\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x88\\xdaW\\x19\\xed\\x00\\x00\\x004\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x001\\xed\\xfb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x86\\xa2f\\x14"
              }
            ],
            "repeated": 0,
            "id": 2501
          },
          {
            "timestamp": "2026-05-28 21:44:18,182",
            "thread_id": "13188",
            "caller": "0x7ff7299e59e7",
            "parentcaller": "0x7ff7299e3b10",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              }
            ],
            "repeated": 0,
            "id": 2502
          },
          {
            "timestamp": "2026-05-28 21:44:18,182",
            "thread_id": "13188",
            "caller": "0x7ff7299e59e7",
            "parentcaller": "0x7ff7299e3b10",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 2503
          },
          {
            "timestamp": "2026-05-28 21:44:20,666",
            "thread_id": "13188",
            "caller": "0x7ff7299e59e7",
            "parentcaller": "0x7ff7299e3b10",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2504
          },
          {
            "timestamp": "2026-05-28 21:44:20,666",
            "thread_id": "13188",
            "caller": "0x7ff7299e59e7",
            "parentcaller": "0x7ff7299e3b10",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2505
          },
          {
            "timestamp": "2026-05-28 21:44:20,666",
            "thread_id": "13188",
            "caller": "0x7ff7299e59e7",
            "parentcaller": "0x7ff7299e3b10",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000528"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000534"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 2506
          },
          {
            "timestamp": "2026-05-28 21:44:20,838",
            "thread_id": "12948",
            "caller": "0x7ffc2ad854eb",
            "parentcaller": "0x7ffc2b428ce0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\x99\\x81\\x13\\x00\\x00\\x00\\x00\\x00\\xdb7\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\xa4-\\x13\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2507
          },
          {
            "timestamp": "2026-05-28 21:44:20,838",
            "thread_id": "12948",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2b428c8a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              }
            ],
            "repeated": 0,
            "id": 2508
          },
          {
            "timestamp": "2026-05-28 21:44:20,838",
            "thread_id": "12948",
            "caller": "0x7ffc2b480e98",
            "parentcaller": "0x7ffc2b4fb785",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00010524"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 2509
          },
          {
            "timestamp": "2026-05-28 21:44:20,838",
            "thread_id": "13188",
            "caller": "0x7ff7299e3b91",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2510
          },
          {
            "timestamp": "2026-05-28 21:44:20,838",
            "thread_id": "13188",
            "caller": "0x7ff7299e3b91",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000410"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2511
          },
          {
            "timestamp": "2026-05-28 21:44:21,025",
            "thread_id": "11620",
            "caller": "0x7ffc2d14eb32",
            "parentcaller": "0x7ffc2d1077c3",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000038"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 2512
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "api-ms-win-eventing-provider-l1-1-0.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ad50000"
              }
            ],
            "repeated": 0,
            "id": 2513
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ad50000"
              },
              {
                "name": "FunctionName",
                "value": "EventSetInformation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d132af0"
              }
            ],
            "repeated": 0,
            "id": 2514
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\wldp"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2a140000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffc2a143200"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 2515
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "api-ms-win-core-synch-l1-2-0.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ad50000"
              }
            ],
            "repeated": 0,
            "id": 2516
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ad50000"
              },
              {
                "name": "FunctionName",
                "value": "InitializeConditionVariable"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d159f40"
              }
            ],
            "repeated": 0,
            "id": 2517
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ad50000"
              },
              {
                "name": "FunctionName",
                "value": "SleepConditionVariableCS"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2adc3890"
              }
            ],
            "repeated": 0,
            "id": 2518
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2ad50000"
              },
              {
                "name": "FunctionName",
                "value": "WakeAllConditionVariable"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d145430"
              }
            ],
            "repeated": 0,
            "id": 2519
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2520
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2521
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              }
            ],
            "repeated": 0,
            "id": 2522
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d153410"
              }
            ],
            "repeated": 0,
            "id": 2523
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\windows.storage"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc288b0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffc28a692f0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 2524
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2bf67000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2525
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2bf67000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2526
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2527
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2528
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000570"
              }
            ],
            "repeated": 0,
            "id": 2529
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2530
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2531
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2532
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xbcg\\x19\\xed\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2533
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000574"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 2534
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2535
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2536
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000574"
              },
              {
                "name": "SubKey",
                "value": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
              },
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
              }
            ],
            "repeated": 0,
            "id": 2537
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000574"
              }
            ],
            "repeated": 0,
            "id": 2538
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Category"
              }
            ],
            "repeated": 0,
            "id": 2539
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "ProgramFilesX86"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Name"
              }
            ],
            "repeated": 0,
            "id": 2540
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 2541
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Description"
              }
            ],
            "repeated": 0,
            "id": 2542
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 2543
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 2544
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 2545
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21817"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 2546
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 2547
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Security"
              }
            ],
            "repeated": 0,
            "id": 2548
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 2549
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 2550
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 2551
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 2552
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 2553
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 2554
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 2555
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 2556
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 2557
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 2558
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 2559
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29026000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2560
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29026000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2561
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000578"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000574"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 2562
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              }
            ],
            "repeated": 0,
            "id": 2563
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion"
              },
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion"
              }
            ],
            "repeated": 0,
            "id": 2564
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "ValueName",
                "value": "ProgramFilesDir (x86)"
              },
              {
                "name": "Data",
                "value": "C:\\Program Files (x86)"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ProgramFilesDir (x86)"
              }
            ],
            "repeated": 0,
            "id": 2565
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              }
            ],
            "repeated": 0,
            "id": 2566
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000570"
              }
            ],
            "repeated": 0,
            "id": 2567
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2bf66000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2568
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2bf66000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2569
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000570"
              }
            ],
            "repeated": 0,
            "id": 2570
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2571
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xbcg\\x19\\xed\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2572
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 2573
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000578"
              },
              {
                "name": "SubKey",
                "value": "{6D809377-6AF0-444B-8957-A3773F02200E}"
              },
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444B-8957-A3773F02200E}"
              }
            ],
            "repeated": 0,
            "id": 2574
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              }
            ],
            "repeated": 0,
            "id": 2575
          },
          {
            "timestamp": "2026-05-28 21:44:21,135",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Category"
              }
            ],
            "repeated": 0,
            "id": 2576
          },
          {
            "timestamp": "2026-05-28 21:44:21,150",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "ProgramFilesX64"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Name"
              }
            ],
            "repeated": 0,
            "id": 2577
          },
          {
            "timestamp": "2026-05-28 21:44:21,150",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 2578
          },
          {
            "timestamp": "2026-05-28 21:44:21,166",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Description"
              }
            ],
            "repeated": 0,
            "id": 2579
          },
          {
            "timestamp": "2026-05-28 21:44:21,166",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 2580
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 2581
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 2582
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 2583
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 2584
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Security"
              }
            ],
            "repeated": 0,
            "id": 2585
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 2586
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 2587
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 2588
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 2589
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 2590
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 2591
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 2592
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 2593
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 2594
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 2595
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 2596
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000057c"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 2597
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              }
            ],
            "repeated": 0,
            "id": 2598
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion"
              },
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion"
              }
            ],
            "repeated": 0,
            "id": 2599
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "ProgramFilesDir"
              },
              {
                "name": "Data",
                "value": "C:\\Program Files"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ProgramFilesDir"
              }
            ],
            "repeated": 0,
            "id": 2600
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              }
            ],
            "repeated": 0,
            "id": 2601
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000570"
              }
            ],
            "repeated": 0,
            "id": 2602
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000570"
              }
            ],
            "repeated": 0,
            "id": 2603
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2604
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xbcg\\x19\\xed\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2605
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 2606
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000057c"
              },
              {
                "name": "SubKey",
                "value": "{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}"
              },
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}"
              }
            ],
            "repeated": 0,
            "id": 2607
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              }
            ],
            "repeated": 0,
            "id": 2608
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Category"
              }
            ],
            "repeated": 0,
            "id": 2609
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "SystemX86"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Name"
              }
            ],
            "repeated": 0,
            "id": 2610
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 2611
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Description"
              }
            ],
            "repeated": 0,
            "id": 2612
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 2613
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 2614
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 2615
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 2616
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 2617
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Security"
              }
            ],
            "repeated": 0,
            "id": 2618
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 2619
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 2620
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 2621
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 2622
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 2623
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 2624
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 2625
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 2626
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 2627
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 2628
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 2629
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000578"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 2630
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              }
            ],
            "repeated": 0,
            "id": 2631
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000570"
              }
            ],
            "repeated": 0,
            "id": 2632
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000570"
              }
            ],
            "repeated": 0,
            "id": 2633
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2634
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xbcg\\x19\\xed\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2635
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 2636
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000578"
              },
              {
                "name": "SubKey",
                "value": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
              },
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
              }
            ],
            "repeated": 0,
            "id": 2637
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              }
            ],
            "repeated": 0,
            "id": 2638
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Category"
              }
            ],
            "repeated": 0,
            "id": 2639
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "System"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Name"
              }
            ],
            "repeated": 0,
            "id": 2640
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 2641
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Description"
              }
            ],
            "repeated": 0,
            "id": 2642
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 2643
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 2644
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 2645
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 2646
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 2647
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Security"
              }
            ],
            "repeated": 0,
            "id": 2648
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 2649
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 2650
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 2651
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 2652
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 2653
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 2654
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 2655
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 2656
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 2657
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 2658
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 2659
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000580"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 2660
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 2661
          },
          {
            "timestamp": "2026-05-28 21:44:21,197",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000570"
              }
            ],
            "repeated": 0,
            "id": 2662
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3dc4",
            "parentcaller": "0x7ff7299e38f4",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f462128",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#14"
              },
              {
                "name": "Name",
                "value": "#38601"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2663
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3dc4",
            "parentcaller": "0x7ff7299e38f4",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f49b340",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f462128"
              }
            ],
            "repeated": 0,
            "id": 2664
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3dc4",
            "parentcaller": "0x7ff7299e38f4",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f461ed8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#3"
              },
              {
                "name": "Name",
                "value": "#87"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2665
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3dc4",
            "parentcaller": "0x7ff7299e38f4",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f49aed8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f461ed8"
              }
            ],
            "repeated": 0,
            "id": 2666
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "windows",
            "api": "FindWindowW",
            "status": true,
            "return": "0x000300a8",
            "arguments": [
              {
                "name": "ClassName",
                "value": "Shell_TrayWnd"
              },
              {
                "name": "WindowName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2667
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000584"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 2668
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              }
            ],
            "repeated": 0,
            "id": 2669
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              }
            ],
            "repeated": 0,
            "id": 2670
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x26793776860",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x3a6eea36"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01ca0431"
              }
            ],
            "repeated": 0,
            "id": 2671
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              }
            ],
            "repeated": 0,
            "id": 2672
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x26793776860",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x3a6eea36"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 2673
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              }
            ],
            "repeated": 0,
            "id": 2674
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x26793776860",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x6eac9751"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01da265c"
              }
            ],
            "repeated": 0,
            "id": 2675
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              }
            ],
            "repeated": 0,
            "id": 2676
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3dc4",
            "parentcaller": "0x7ff7299e38f4",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f462138",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#14"
              },
              {
                "name": "Name",
                "value": "#38602"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2677
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3dc4",
            "parentcaller": "0x7ff7299e38f4",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f49b7c0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f462138"
              }
            ],
            "repeated": 0,
            "id": 2678
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3dc4",
            "parentcaller": "0x7ff7299e38f4",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f461ee8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#3"
              },
              {
                "name": "Name",
                "value": "#88"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2679
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3dc4",
            "parentcaller": "0x7ff7299e38f4",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f49b358",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f461ee8"
              }
            ],
            "repeated": 0,
            "id": 2680
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "windows",
            "api": "FindWindowW",
            "status": true,
            "return": "0x000300a8",
            "arguments": [
              {
                "name": "ClassName",
                "value": "Shell_TrayWnd"
              },
              {
                "name": "WindowName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2681
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000584"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 2682
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              }
            ],
            "repeated": 0,
            "id": 2683
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              }
            ],
            "repeated": 0,
            "id": 2684
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x26793775780",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x3a6eea36"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01ca0431"
              }
            ],
            "repeated": 0,
            "id": 2685
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              }
            ],
            "repeated": 0,
            "id": 2686
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x26793775e40",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x3a6eea36"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 2687
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              }
            ],
            "repeated": 0,
            "id": 2688
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x26793775e40",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x6eac9751"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01da265c"
              }
            ],
            "repeated": 0,
            "id": 2689
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              }
            ],
            "repeated": 0,
            "id": 2690
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3dc4",
            "parentcaller": "0x7ff7299e38f4",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f462148",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#14"
              },
              {
                "name": "Name",
                "value": "#38603"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2691
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3dc4",
            "parentcaller": "0x7ff7299e38f4",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f49bc40",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f462148"
              }
            ],
            "repeated": 0,
            "id": 2692
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3dc4",
            "parentcaller": "0x7ff7299e38f4",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f461ef8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#3"
              },
              {
                "name": "Name",
                "value": "#89"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2693
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3dc4",
            "parentcaller": "0x7ff7299e38f4",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f49b7d8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f461ef8"
              }
            ],
            "repeated": 0,
            "id": 2694
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "windows",
            "api": "FindWindowW",
            "status": true,
            "return": "0x000300a8",
            "arguments": [
              {
                "name": "ClassName",
                "value": "Shell_TrayWnd"
              },
              {
                "name": "WindowName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2695
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000584"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 2696
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              }
            ],
            "repeated": 0,
            "id": 2697
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              }
            ],
            "repeated": 0,
            "id": 2698
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x26793775a80",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x3a6eea36"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01ca0431"
              }
            ],
            "repeated": 0,
            "id": 2699
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              }
            ],
            "repeated": 0,
            "id": 2700
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x26793776860",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x3a6eea36"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 2701
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              }
            ],
            "repeated": 0,
            "id": 2702
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x26793776020",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x6eac9751"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01da265c"
              }
            ],
            "repeated": 0,
            "id": 2703
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              }
            ],
            "repeated": 0,
            "id": 2704
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3dc4",
            "parentcaller": "0x7ff7299e38f4",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f462158",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#14"
              },
              {
                "name": "Name",
                "value": "#38604"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2705
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3dc4",
            "parentcaller": "0x7ff7299e38f4",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f49c0c0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f462158"
              }
            ],
            "repeated": 0,
            "id": 2706
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3dc4",
            "parentcaller": "0x7ff7299e38f4",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f461f08",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#3"
              },
              {
                "name": "Name",
                "value": "#90"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2707
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3dc4",
            "parentcaller": "0x7ff7299e38f4",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f49bc58",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f461f08"
              }
            ],
            "repeated": 0,
            "id": 2708
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "windows",
            "api": "FindWindowW",
            "status": true,
            "return": "0x000300a8",
            "arguments": [
              {
                "name": "ClassName",
                "value": "Shell_TrayWnd"
              },
              {
                "name": "WindowName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2709
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000584"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 2710
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              }
            ],
            "repeated": 0,
            "id": 2711
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              }
            ],
            "repeated": 0,
            "id": 2712
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x26793775e40",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x3a6eea36"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01ca0431"
              }
            ],
            "repeated": 0,
            "id": 2713
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              }
            ],
            "repeated": 0,
            "id": 2714
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x26793775fc0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x3a6eea36"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 2715
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              }
            ],
            "repeated": 0,
            "id": 2716
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x26793776860",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x6eac9751"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01da265c"
              }
            ],
            "repeated": 0,
            "id": 2717
          },
          {
            "timestamp": "2026-05-28 21:44:21,213",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              }
            ],
            "repeated": 0,
            "id": 2718
          },
          {
            "timestamp": "2026-05-28 21:44:21,229",
            "thread_id": "12440",
            "caller": "0x7ff7299e3dc4",
            "parentcaller": "0x7ff7299e38f4",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f462168",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#14"
              },
              {
                "name": "Name",
                "value": "#38605"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2719
          },
          {
            "timestamp": "2026-05-28 21:44:21,229",
            "thread_id": "12440",
            "caller": "0x7ff7299e3dc4",
            "parentcaller": "0x7ff7299e38f4",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f49c540",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f462168"
              }
            ],
            "repeated": 0,
            "id": 2720
          },
          {
            "timestamp": "2026-05-28 21:44:21,229",
            "thread_id": "12440",
            "caller": "0x7ff7299e3dc4",
            "parentcaller": "0x7ff7299e38f4",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f461f18",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#3"
              },
              {
                "name": "Name",
                "value": "#91"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2721
          },
          {
            "timestamp": "2026-05-28 21:44:21,229",
            "thread_id": "12440",
            "caller": "0x7ff7299e3dc4",
            "parentcaller": "0x7ff7299e38f4",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f49c0d8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f461f18"
              }
            ],
            "repeated": 0,
            "id": 2722
          },
          {
            "timestamp": "2026-05-28 21:44:21,229",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "windows",
            "api": "FindWindowW",
            "status": true,
            "return": "0x000300a8",
            "arguments": [
              {
                "name": "ClassName",
                "value": "Shell_TrayWnd"
              },
              {
                "name": "WindowName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2723
          },
          {
            "timestamp": "2026-05-28 21:44:21,229",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000570"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 2724
          },
          {
            "timestamp": "2026-05-28 21:44:21,229",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000570"
              }
            ],
            "repeated": 0,
            "id": 2725
          },
          {
            "timestamp": "2026-05-28 21:44:21,229",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              }
            ],
            "repeated": 0,
            "id": 2726
          },
          {
            "timestamp": "2026-05-28 21:44:21,229",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x26793775e40",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x3a6eea36"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01ca0431"
              }
            ],
            "repeated": 0,
            "id": 2727
          },
          {
            "timestamp": "2026-05-28 21:44:21,229",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000570"
              }
            ],
            "repeated": 0,
            "id": 2728
          },
          {
            "timestamp": "2026-05-28 21:44:21,229",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x26793775e40",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x3a6eea36"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 2729
          },
          {
            "timestamp": "2026-05-28 21:44:21,229",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000570"
              }
            ],
            "repeated": 0,
            "id": 2730
          },
          {
            "timestamp": "2026-05-28 21:44:21,229",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x26793775e40",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x6eac9751"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01da265c"
              }
            ],
            "repeated": 0,
            "id": 2731
          },
          {
            "timestamp": "2026-05-28 21:44:21,244",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000570"
              }
            ],
            "repeated": 0,
            "id": 2732
          },
          {
            "timestamp": "2026-05-28 21:44:21,244",
            "thread_id": "12440",
            "caller": "0x7ff7299e3dc4",
            "parentcaller": "0x7ff7299e38f4",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f462178",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#14"
              },
              {
                "name": "Name",
                "value": "#38606"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2733
          },
          {
            "timestamp": "2026-05-28 21:44:21,244",
            "thread_id": "12440",
            "caller": "0x7ff7299e3dc4",
            "parentcaller": "0x7ff7299e38f4",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f49c9c0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f462178"
              }
            ],
            "repeated": 0,
            "id": 2734
          },
          {
            "timestamp": "2026-05-28 21:44:21,244",
            "thread_id": "12440",
            "caller": "0x7ff7299e3dc4",
            "parentcaller": "0x7ff7299e38f4",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f461f28",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#3"
              },
              {
                "name": "Name",
                "value": "#92"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2735
          },
          {
            "timestamp": "2026-05-28 21:44:21,244",
            "thread_id": "12440",
            "caller": "0x7ff7299e3dc4",
            "parentcaller": "0x7ff7299e38f4",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f49c558",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f461f28"
              }
            ],
            "repeated": 0,
            "id": 2736
          },
          {
            "timestamp": "2026-05-28 21:44:21,244",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "windows",
            "api": "FindWindowW",
            "status": true,
            "return": "0x000300a8",
            "arguments": [
              {
                "name": "ClassName",
                "value": "Shell_TrayWnd"
              },
              {
                "name": "WindowName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2737
          },
          {
            "timestamp": "2026-05-28 21:44:21,244",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000580"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 2738
          },
          {
            "timestamp": "2026-05-28 21:44:21,244",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 2739
          },
          {
            "timestamp": "2026-05-28 21:44:21,244",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              }
            ],
            "repeated": 0,
            "id": 2740
          },
          {
            "timestamp": "2026-05-28 21:44:21,244",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x26793776860",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x3a6eea36"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01ca0431"
              }
            ],
            "repeated": 0,
            "id": 2741
          },
          {
            "timestamp": "2026-05-28 21:44:21,244",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 2742
          },
          {
            "timestamp": "2026-05-28 21:44:21,244",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x26793775840",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x3a6eea36"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 2743
          },
          {
            "timestamp": "2026-05-28 21:44:21,244",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 2744
          },
          {
            "timestamp": "2026-05-28 21:44:21,244",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x26793776860",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x6eac9751"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01da265c"
              }
            ],
            "repeated": 0,
            "id": 2745
          },
          {
            "timestamp": "2026-05-28 21:44:21,244",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 2746
          },
          {
            "timestamp": "2026-05-28 21:44:21,291",
            "thread_id": "12440",
            "caller": "0x7ff7299e3dc4",
            "parentcaller": "0x7ff7299e38f4",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f462188",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#14"
              },
              {
                "name": "Name",
                "value": "#38607"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2747
          },
          {
            "timestamp": "2026-05-28 21:44:21,291",
            "thread_id": "12440",
            "caller": "0x7ff7299e3dc4",
            "parentcaller": "0x7ff7299e38f4",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f49ce40",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f462188"
              }
            ],
            "repeated": 0,
            "id": 2748
          },
          {
            "timestamp": "2026-05-28 21:44:21,291",
            "thread_id": "12440",
            "caller": "0x7ff7299e3dc4",
            "parentcaller": "0x7ff7299e38f4",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f461f38",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#3"
              },
              {
                "name": "Name",
                "value": "#93"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2749
          },
          {
            "timestamp": "2026-05-28 21:44:21,291",
            "thread_id": "12440",
            "caller": "0x7ff7299e3dc4",
            "parentcaller": "0x7ff7299e38f4",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f49c9d8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f461f38"
              }
            ],
            "repeated": 0,
            "id": 2750
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "windows",
            "api": "FindWindowW",
            "status": true,
            "return": "0x000300a8",
            "arguments": [
              {
                "name": "ClassName",
                "value": "Shell_TrayWnd"
              },
              {
                "name": "WindowName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2751
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000580"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 2752
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 2753
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              }
            ],
            "repeated": 0,
            "id": 2754
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x26793776860",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x3a6eea36"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01ca0431"
              }
            ],
            "repeated": 0,
            "id": 2755
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 2756
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x26793775e40",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x3a6eea36"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 2757
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 2758
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x26793776c80",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x6eac9751"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01da265c"
              }
            ],
            "repeated": 0,
            "id": 2759
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 2760
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3dc4",
            "parentcaller": "0x7ff7299e38f4",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f462198",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#14"
              },
              {
                "name": "Name",
                "value": "#38608"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2761
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3dc4",
            "parentcaller": "0x7ff7299e38f4",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f49d2c0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f462198"
              }
            ],
            "repeated": 0,
            "id": 2762
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3dc4",
            "parentcaller": "0x7ff7299e38f4",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f461f48",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#3"
              },
              {
                "name": "Name",
                "value": "#94"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2763
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3dc4",
            "parentcaller": "0x7ff7299e38f4",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f49ce58",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f461f48"
              }
            ],
            "repeated": 0,
            "id": 2764
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "windows",
            "api": "FindWindowW",
            "status": true,
            "return": "0x000300a8",
            "arguments": [
              {
                "name": "ClassName",
                "value": "Shell_TrayWnd"
              },
              {
                "name": "WindowName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2765
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000580"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 2766
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 2767
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              }
            ],
            "repeated": 0,
            "id": 2768
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x26793776860",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x3a6eea36"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01ca0431"
              }
            ],
            "repeated": 0,
            "id": 2769
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 2770
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x26793776860",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x3a6eea36"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 2771
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 2772
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x26793776860",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x6eac9751"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01da265c"
              }
            ],
            "repeated": 0,
            "id": 2773
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 2774
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3dc4",
            "parentcaller": "0x7ff7299e38f4",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f4621a8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#14"
              },
              {
                "name": "Name",
                "value": "#38609"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2775
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3dc4",
            "parentcaller": "0x7ff7299e38f4",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f49d740",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f4621a8"
              }
            ],
            "repeated": 0,
            "id": 2776
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3dc4",
            "parentcaller": "0x7ff7299e38f4",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f461f58",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#3"
              },
              {
                "name": "Name",
                "value": "#95"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2777
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3dc4",
            "parentcaller": "0x7ff7299e38f4",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f49d2d8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f461f58"
              }
            ],
            "repeated": 0,
            "id": 2778
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "windows",
            "api": "FindWindowW",
            "status": true,
            "return": "0x000300a8",
            "arguments": [
              {
                "name": "ClassName",
                "value": "Shell_TrayWnd"
              },
              {
                "name": "WindowName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2779
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000580"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 2780
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 2781
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              }
            ],
            "repeated": 0,
            "id": 2782
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x26793775a80",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x3a6eea36"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01ca0431"
              }
            ],
            "repeated": 0,
            "id": 2783
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 2784
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x26793775e40",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x3a6eea36"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 2785
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 2786
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x26793776920",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x6eac9751"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01da265c"
              }
            ],
            "repeated": 0,
            "id": 2787
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 2788
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3dc4",
            "parentcaller": "0x7ff7299e38f4",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f4621b8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#14"
              },
              {
                "name": "Name",
                "value": "#38610"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2789
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3dc4",
            "parentcaller": "0x7ff7299e38f4",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f49dbc0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f4621b8"
              }
            ],
            "repeated": 0,
            "id": 2790
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3dc4",
            "parentcaller": "0x7ff7299e38f4",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f461f68",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#3"
              },
              {
                "name": "Name",
                "value": "#96"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2791
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3dc4",
            "parentcaller": "0x7ff7299e38f4",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f49d758",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f461f68"
              }
            ],
            "repeated": 0,
            "id": 2792
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "windows",
            "api": "FindWindowW",
            "status": true,
            "return": "0x000300a8",
            "arguments": [
              {
                "name": "ClassName",
                "value": "Shell_TrayWnd"
              },
              {
                "name": "WindowName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2793
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000580"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 2794
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 2795
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              }
            ],
            "repeated": 0,
            "id": 2796
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x26793775e40",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x3a6eea36"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01ca0431"
              }
            ],
            "repeated": 0,
            "id": 2797
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 2798
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x267937756c0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x3a6eea36"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 2799
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 2800
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x26793775a80",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x6eac9751"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01da265c"
              }
            ],
            "repeated": 0,
            "id": 2801
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 2802
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3dc4",
            "parentcaller": "0x7ff7299e38f4",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f4621c8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#14"
              },
              {
                "name": "Name",
                "value": "#38611"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2803
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3dc4",
            "parentcaller": "0x7ff7299e38f4",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f49e040",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f4621c8"
              }
            ],
            "repeated": 0,
            "id": 2804
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3dc4",
            "parentcaller": "0x7ff7299e38f4",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x2678f461f78",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "Type",
                "value": "#3"
              },
              {
                "name": "Name",
                "value": "#97"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2805
          },
          {
            "timestamp": "2026-05-28 21:44:21,307",
            "thread_id": "12440",
            "caller": "0x7ff7299e3dc4",
            "parentcaller": "0x7ff7299e38f4",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x2678f49dbd8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff7299e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x2678f461f78"
              }
            ],
            "repeated": 0,
            "id": 2806
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "windows",
            "api": "FindWindowW",
            "status": true,
            "return": "0x000300a8",
            "arguments": [
              {
                "name": "ClassName",
                "value": "Shell_TrayWnd"
              },
              {
                "name": "WindowName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2807
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000580"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 2808
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 2809
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              }
            ],
            "repeated": 0,
            "id": 2810
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x26793775e40",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x3a6eea36"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01ca0431"
              }
            ],
            "repeated": 0,
            "id": 2811
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 2812
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x26793776860",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x3a6eea36"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 2813
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 2814
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x26793775780",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x6eac9751"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01da265c"
              }
            ],
            "repeated": 0,
            "id": 2815
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "12440",
            "caller": "0x7ff7299e3de8",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 2816
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "12440",
            "caller": "0x7ff7299e3e23",
            "parentcaller": "0x7ff7299e38f4",
            "category": "windows",
            "api": "FindWindowW",
            "status": true,
            "return": "0x000300a8",
            "arguments": [
              {
                "name": "ClassName",
                "value": "Shell_TrayWnd"
              },
              {
                "name": "WindowName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2817
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "12440",
            "caller": "0x7ff7299e3e23",
            "parentcaller": "0x7ff7299e38f4",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000580"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 2818
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "12440",
            "caller": "0x7ff7299e3e23",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 2819
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "12440",
            "caller": "0x7ff7299e3e23",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              }
            ],
            "repeated": 0,
            "id": 2820
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "12440",
            "caller": "0x7ff7299e3e23",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x26793775e40",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x3a6eea36"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01ca0431"
              }
            ],
            "repeated": 0,
            "id": 2821
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "12440",
            "caller": "0x7ff7299e3e23",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 2822
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "12440",
            "caller": "0x7ff7299e3e23",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x26793775840",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x3a6eea36"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 2823
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "12440",
            "caller": "0x7ff7299e3e23",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 2824
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "12440",
            "caller": "0x7ff7299e3e23",
            "parentcaller": "0x7ff7299e38f4",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x26793775a80",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Taskmgr.exe"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x6eac9751"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01da265c"
              }
            ],
            "repeated": 0,
            "id": 2825
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "12440",
            "caller": "0x7ff7299e3e23",
            "parentcaller": "0x7ff7299e38f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 2826
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 1,
            "id": 2827
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a11210",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "samcli.dll"
              }
            ],
            "repeated": 0,
            "id": 2828
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a11210",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\samcli.dll"
              }
            ],
            "repeated": 0,
            "id": 2829
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a11210",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000580"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\samcli.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 2830
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a11210",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000570"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000580"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\samcli.dll"
              }
            ],
            "repeated": 0,
            "id": 2831
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a11210",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000570"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc213d0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00019000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2832
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a11210",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc213e6000"
              },
              {
                "name": "ModuleName",
                "value": "samcli.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2833
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a11210",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc213e0000"
              },
              {
                "name": "ModuleName",
                "value": "samcli.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2834
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a11210",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc213e0000"
              },
              {
                "name": "ModuleName",
                "value": "samcli.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2835
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a11210",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc213e0000"
              },
              {
                "name": "ModuleName",
                "value": "samcli.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2836
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a11210",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc213e0000"
              },
              {
                "name": "ModuleName",
                "value": "samcli.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2837
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a11210",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc213e0000"
              },
              {
                "name": "ModuleName",
                "value": "samcli.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2838
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a11210",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000570"
              }
            ],
            "repeated": 0,
            "id": 2839
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a11210",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 2840
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a11210",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc213e0000"
              },
              {
                "name": "ModuleName",
                "value": "samcli.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2841
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a11210",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\samcli"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc213d0000"
              }
            ],
            "repeated": 0,
            "id": 2842
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000570"
              }
            ],
            "repeated": 0,
            "id": 2843
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2844
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xc1o\\x19\\xed\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2845
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000584"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 2846
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000584"
              },
              {
                "name": "SubKey",
                "value": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
              },
              {
                "name": "Handle",
                "value": "0x00000588"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
              }
            ],
            "repeated": 0,
            "id": 2847
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              }
            ],
            "repeated": 0,
            "id": 2848
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000588"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Category"
              }
            ],
            "repeated": 0,
            "id": 2849
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000588"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "ProgramFiles"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Name"
              }
            ],
            "repeated": 0,
            "id": 2850
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000588"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 2851
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000588"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Description"
              }
            ],
            "repeated": 0,
            "id": 2852
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000588"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 2853
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000588"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 2854
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000588"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 2855
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000588"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21781"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 2856
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000588"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 2857
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000588"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Security"
              }
            ],
            "repeated": 0,
            "id": 2858
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000588"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 2859
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000588"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 2860
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000588"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 2861
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000588"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 2862
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000588"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 2863
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000588"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 2864
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000588"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 2865
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000588"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 2866
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000588"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 2867
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000588"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 2868
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000588"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 2869
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000588"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000584"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 2870
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000588"
              }
            ],
            "repeated": 0,
            "id": 2871
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion"
              },
              {
                "name": "Handle",
                "value": "0x00000588"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion"
              }
            ],
            "repeated": 0,
            "id": 2872
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000588"
              },
              {
                "name": "ValueName",
                "value": "ProgramFilesDir"
              },
              {
                "name": "Data",
                "value": "C:\\Program Files"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ProgramFilesDir"
              }
            ],
            "repeated": 0,
            "id": 2873
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000588"
              }
            ],
            "repeated": 0,
            "id": 2874
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000570"
              }
            ],
            "repeated": 0,
            "id": 2875
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files"
              }
            ],
            "repeated": 0,
            "id": 2876
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2877
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2878
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings"
              }
            ],
            "repeated": 0,
            "id": 2879
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2880
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2881
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings"
              }
            ],
            "repeated": 0,
            "id": 2882
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2883
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\reg.exe"
              }
            ],
            "repeated": 0,
            "id": 2884
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Steam\\bin\\cef\\cef.win64\\steamwebhelper.exe"
              }
            ],
            "repeated": 0,
            "id": 2885
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729aaad56",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 2886
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729aaad56",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2887
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729aaad56",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2888
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729aaad56",
            "parentcaller": "0x7ff729aaa87e",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2889
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729aaad56",
            "parentcaller": "0x7ff729aaa87e",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo5.xml"
              },
              {
                "name": "Buffer",
                "value": "e\\x00<\\x00/\\x00P\\x00a\\x00r\\x00e\\x00n\\x00t\\x00N\\x00a\\x00m\\x00e\\x00>\\x00\r\\x00\n\\x00\t\\x00<\\x00/\\x00P\\x00r\\x00o\\x00c\\x00e\\x00s\\x00s\\x00>\\x00\r\\x00\n\\x00\t\\x00<\\x00P\\x00r\\x00o\\x00c\\x00e\\x00s\\x00s\\x00 \\x00N\\x00a\\x00m\\x00e\\x00=\\x00\"\\x00C\\x00:\\x00\\\\x00P\\x00r\\x00o\\x00g\\x00r\\x00a\\x00m\\x00 \\x00F\\x00i\\x00l\\x00e\\x00s\\x00 \\x00(\\x00x\\x008\\x006\\x00)\\x00\\\\x00S\\x00t\\x00e\\x00a\\x00m\\x00\\\\x00b\\x00i\\x00n\\x00\\\\x00c\\x00e\\x00f\\x00\\\\x00c\\x00e\\x00f\\x00.\\x00w\\x00i\\x00n\\x006\\x004\\x00\\\\x00s\\x00t\\x00e\\x00a\\x00m\\x00w\\x00e\\x00b\\x00h\\x00e\\x00l\\x00p\\x00e\\x00r\\x00.\\x00e\\x00x\\x00e\\x00\"\\x00 \\x00P\\x00I\\x00D\\x00=\\x00\"\\x006\\x006\\x005\\x002\\x00\"\\x00 \\x00S\\x00t\\x00a\\x00r\\x00t\\x00"
              },
              {
                "name": "Length",
                "value": "4096"
              }
            ],
            "repeated": 0,
            "id": 2890
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729aaad56",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2891
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729aaad56",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2892
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729aaad56",
            "parentcaller": "0x7ff729aaa87e",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 1,
            "id": 2893
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Steam\\bin\\cef\\cef.win64\\steamwebhelper.exe"
              }
            ],
            "repeated": 1,
            "id": 2894
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729aaacae",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 2895
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729aaacae",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2896
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729aaacae",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2897
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729aaacae",
            "parentcaller": "0x7ff729aaa87e",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2898
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729aaacae",
            "parentcaller": "0x7ff729aaa87e",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo5.xml"
              },
              {
                "name": "Buffer",
                "value": "A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00B\\x00C\\x00A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00B\\x00A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00E\\x00A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00I\\x00A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00g\\x00A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00A\\x00 \\x00-\\x00-\\x00f\\x00i\\x00e\\x00l\\x00d\\x00-\\x00t\\x00r\\x00i\\x00a\\x00l\\x00-\\x00h\\x00a\\x00n\\x00d\\x00l\\x00e\\x00=\\x001\\x009\\x001\\x002\\x00,\\x00i\\x00,\\x001\\x000\\x003\\x001\\x002\\x001\\x004\\x007\\x005\\x005\\x002\\x009\\x006\\x00"
              },
              {
                "name": "Length",
                "value": "4096"
              }
            ],
            "repeated": 0,
            "id": 2899
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729aaacae",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2900
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729aaacae",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2901
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729aaacae",
            "parentcaller": "0x7ff729aaa87e",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 1,
            "id": 2902
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\Discord.exe"
              }
            ],
            "repeated": 0,
            "id": 2903
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2904
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\reg.exe"
              }
            ],
            "repeated": 0,
            "id": 2905
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729aaadf1",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 2906
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729aaadf1",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2907
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729aaadf1",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2908
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729aaadf1",
            "parentcaller": "0x7ff729aaa87e",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2909
          },
          {
            "timestamp": "2026-05-28 21:44:21,322",
            "thread_id": "5800",
            "caller": "0x7ff729aaadf1",
            "parentcaller": "0x7ff729aaa87e",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo5.xml"
              },
              {
                "name": "Buffer",
                "value": "4\\x00 \\x00-\\x00-\\x00e\\x00n\\x00a\\x00b\\x00l\\x00e\\x00-\\x00f\\x00e\\x00a\\x00t\\x00u\\x00r\\x00e\\x00s\\x00=\\x00P\\x00l\\x00a\\x00t\\x00f\\x00o\\x00r\\x00m\\x00H\\x00E\\x00V\\x00C\\x00D\\x00e\\x00c\\x00o\\x00d\\x00e\\x00r\\x00S\\x00u\\x00p\\x00p\\x00o\\x00r\\x00t\\x00 \\x00-\\x00-\\x00d\\x00i\\x00s\\x00a\\x00b\\x00l\\x00e\\x00-\\x00f\\x00e\\x00a\\x00t\\x00u\\x00r\\x00e\\x00s\\x00=\\x00B\\x00l\\x00o\\x00c\\x00k\\x00P\\x00r\\x00o\\x00m\\x00p\\x00t\\x00s\\x00I\\x00f\\x00I\\x00g\\x00]\\x00]\\x00>\\x00<\\x00/\\x00C\\x00o\\x00m\\x00m\\x00a\\x00n\\x00d\\x00L\\x00i\\x00n\\x00e\\x00>\\x00\r\\x00\n\\x00\t\\x00\t\\x00<\\x00D\\x00i\\x00s\\x00k\\x00U\\x00s\\x00a\\x00g\\x00e\\x00 \\x00U\\x00n\\x00i\\x00t\\x00s\\x00=\\x00\"\\x00b\\x00y\\x00t\\x00e\\x00s\\x00\"\\x00>\\x00"
              },
              {
                "name": "Length",
                "value": "4096"
              }
            ],
            "repeated": 0,
            "id": 2910
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaadf1",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2911
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaadf1",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2912
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaadf1",
            "parentcaller": "0x7ff729aaa87e",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 1,
            "id": 2913
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Steam\\bin\\cef\\cef.win64\\steamwebhelper.exe"
              }
            ],
            "repeated": 0,
            "id": 2914
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaad56",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 2915
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaad56",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2916
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaad56",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2917
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaad56",
            "parentcaller": "0x7ff729aaa87e",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2918
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaad56",
            "parentcaller": "0x7ff729aaa87e",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo5.xml"
              },
              {
                "name": "Buffer",
                "value": "\t\\x00<\\x00D\\x00i\\x00s\\x00k\\x00U\\x00s\\x00a\\x00g\\x00e\\x00 \\x00U\\x00n\\x00i\\x00t\\x00s\\x00=\\x00\"\\x00b\\x00y\\x00t\\x00e\\x00s\\x00\"\\x00>\\x007\\x008\\x003\\x003\\x006\\x00<\\x00/\\x00D\\x00i\\x00s\\x00k\\x00U\\x00s\\x00a\\x00g\\x00e\\x00>\\x00\r\\x00\n\\x00\t\\x00\t\\x00<\\x00C\\x00p\\x00u\\x00U\\x00s\\x00a\\x00g\\x00e\\x00 \\x00U\\x00n\\x00i\\x00t\\x00s\\x00=\\x00\"\\x00u\\x00s\\x00\"\\x00>\\x001\\x004\\x006\\x005\\x000\\x001\\x00<\\x00/\\x00C\\x00p\\x00u\\x00U\\x00s\\x00a\\x00g\\x00e\\x00>\\x00\r\\x00\n\\x00\t\\x00\t\\x00<\\x00P\\x00a\\x00r\\x00e\\x00n\\x00t\\x00P\\x00I\\x00D\\x00>\\x007\\x000\\x006\\x000\\x00<\\x00/\\x00P\\x00a\\x00r\\x00e\\x00n\\x00t\\x00P\\x00I\\x00D\\x00>\\x00\r\\x00\n\\x00\t\\x00\t\\x00<\\x00P\\x00a\\x00r\\x00e\\x00n\\x00t\\x00S\\x00"
              },
              {
                "name": "Length",
                "value": "4096"
              }
            ],
            "repeated": 0,
            "id": 2919
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaad56",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2920
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaad56",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2921
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaad56",
            "parentcaller": "0x7ff729aaa87e",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 1,
            "id": 2922
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Steam\\bin\\cef\\cef.win64\\steamwebhelper.exe"
              }
            ],
            "repeated": 0,
            "id": 2923
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaacae",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 2924
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaacae",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2925
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaacae",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2926
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaacae",
            "parentcaller": "0x7ff729aaa87e",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2927
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaacae",
            "parentcaller": "0x7ff729aaa87e",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo5.xml"
              },
              {
                "name": "Buffer",
                "value": "m\\x00a\\x00n\\x00d\\x00L\\x00i\\x00n\\x00e\\x00>\\x00\r\\x00\n\\x00\t\\x00\t\\x00<\\x00D\\x00i\\x00s\\x00k\\x00U\\x00s\\x00a\\x00g\\x00e\\x00 \\x00U\\x00n\\x00i\\x00t\\x00s\\x00=\\x00\"\\x00b\\x00y\\x00t\\x00e\\x00s\\x00\"\\x00>\\x008\\x007\\x000\\x004\\x00<\\x00/\\x00D\\x00i\\x00s\\x00k\\x00U\\x00s\\x00a\\x00g\\x00e\\x00>\\x00\r\\x00\n\\x00\t\\x00\t\\x00<\\x00C\\x00p\\x00u\\x00U\\x00s\\x00a\\x00g\\x00e\\x00 \\x00U\\x00n\\x00i\\x00t\\x00s\\x00=\\x00\"\\x00u\\x00s\\x00\"\\x00>\\x009\\x004\\x000\\x004\\x00<\\x00/\\x00C\\x00p\\x00u\\x00U\\x00s\\x00a\\x00g\\x00e\\x00>\\x00\r\\x00\n\\x00\t\\x00\t\\x00<\\x00P\\x00a\\x00r\\x00e\\x00n\\x00t\\x00P\\x00I\\x00D\\x00>\\x004\\x001\\x008\\x004\\x00<\\x00/\\x00P\\x00a\\x00r\\x00e\\x00n\\x00t\\x00P\\x00I\\x00D\\x00>\\x00\r\\x00\n\\x00\t\\x00"
              },
              {
                "name": "Length",
                "value": "4096"
              }
            ],
            "repeated": 0,
            "id": 2928
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaacae",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2929
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaacae",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2930
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaacae",
            "parentcaller": "0x7ff729aaa87e",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 1,
            "id": 2931
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Steam\\steamsysinfo.exe"
              }
            ],
            "repeated": 0,
            "id": 2932
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaacae",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 2933
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaacae",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2934
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaacae",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2935
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaacae",
            "parentcaller": "0x7ff729aaa87e",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2936
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaacae",
            "parentcaller": "0x7ff729aaa87e",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo5.xml"
              },
              {
                "name": "Buffer",
                "value": "i\\x00m\\x00e\\x00>\\x002\\x000\\x002\\x006\\x00/\\x000\\x005\\x00/\\x002\\x009\\x00:\\x000\\x000\\x00:\\x003\\x001\\x00:\\x002\\x005\\x00.\\x001\\x009\\x001\\x001\\x000\\x002\\x008\\x00<\\x00/\\x00P\\x00a\\x00r\\x00e\\x00n\\x00t\\x00S\\x00t\\x00a\\x00r\\x00t\\x00T\\x00i\\x00m\\x00e\\x00>\\x00\r\\x00\n\\x00\t\\x00\t\\x00<\\x00P\\x00a\\x00r\\x00e\\x00n\\x00t\\x00N\\x00a\\x00m\\x00e\\x00>\\x00e\\x00x\\x00p\\x00l\\x00o\\x00r\\x00e\\x00r\\x00.\\x00e\\x00x\\x00e\\x00<\\x00/\\x00P\\x00a\\x00r\\x00e\\x00n\\x00t\\x00N\\x00a\\x00m\\x00e\\x00>\\x00\r\\x00\n\\x00\t\\x00<\\x00/\\x00P\\x00r\\x00o\\x00c\\x00e\\x00s\\x00s\\x00>\\x00\r\\x00\n\\x00\t\\x00<\\x00P\\x00r\\x00o\\x00c\\x00e\\x00s\\x00s\\x00 \\x00N\\x00a\\x00m\\x00e\\x00=\\x00\"\\x00C\\x00:\\x00\\\\x00P\\x00r\\x00o\\x00g\\x00"
              },
              {
                "name": "Length",
                "value": "4096"
              }
            ],
            "repeated": 0,
            "id": 2937
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaacae",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2938
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaacae",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2939
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaacae",
            "parentcaller": "0x7ff729aaa87e",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 1,
            "id": 2940
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\SecurityHealthSystray.exe"
              }
            ],
            "repeated": 0,
            "id": 2941
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\WindowsApps\\python.exe"
              }
            ],
            "repeated": 0,
            "id": 2942
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\Discord.exe"
              }
            ],
            "repeated": 0,
            "id": 2943
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaacae",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 2944
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaacae",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2945
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaacae",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2946
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaacae",
            "parentcaller": "0x7ff729aaa87e",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2947
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaacae",
            "parentcaller": "0x7ff729aaa87e",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo5.xml"
              },
              {
                "name": "Buffer",
                "value": "e\\x00n\\x00t\\x00P\\x00I\\x00D\\x00>\\x00\r\\x00\n\\x00\t\\x00\t\\x00<\\x00P\\x00a\\x00r\\x00e\\x00n\\x00t\\x00S\\x00t\\x00a\\x00r\\x00t\\x00T\\x00i\\x00m\\x00e\\x00>\\x002\\x000\\x002\\x006\\x00/\\x000\\x005\\x00/\\x002\\x009\\x00:\\x000\\x000\\x00:\\x003\\x001\\x00:\\x003\\x009\\x00.\\x000\\x008\\x008\\x009\\x005\\x000\\x001\\x00<\\x00/\\x00P\\x00a\\x00r\\x00e\\x00n\\x00t\\x00S\\x00t\\x00a\\x00r\\x00t\\x00T\\x00i\\x00m\\x00e\\x00>\\x00\r\\x00\n\\x00\t\\x00\t\\x00<\\x00P\\x00a\\x00r\\x00e\\x00n\\x00t\\x00N\\x00a\\x00m\\x00e\\x00>\\x00D\\x00i\\x00s\\x00c\\x00o\\x00r\\x00d\\x00.\\x00e\\x00x\\x00e\\x00<\\x00/\\x00P\\x00a\\x00r\\x00e\\x00n\\x00t\\x00N\\x00a\\x00m\\x00e\\x00>\\x00\r\\x00\n\\x00\t\\x00<\\x00/\\x00P\\x00r\\x00o\\x00c\\x00e\\x00s\\x00s\\x00>\\x00\r\\x00\n\\x00"
              },
              {
                "name": "Length",
                "value": "4096"
              }
            ],
            "repeated": 0,
            "id": 2948
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaacae",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2949
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaacae",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2950
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaacae",
            "parentcaller": "0x7ff729aaa87e",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 1,
            "id": 2951
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\Discord.exe"
              }
            ],
            "repeated": 1,
            "id": 2952
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaad56",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 2953
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaad56",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2954
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaad56",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2955
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaad56",
            "parentcaller": "0x7ff729aaa87e",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2956
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaad56",
            "parentcaller": "0x7ff729aaa87e",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo5.xml"
              },
              {
                "name": "Buffer",
                "value": "\n\\x00\t\\x00<\\x00/\\x00P\\x00r\\x00o\\x00c\\x00e\\x00s\\x00s\\x00>\\x00\r\\x00\n\\x00\t\\x00<\\x00P\\x00r\\x00o\\x00c\\x00e\\x00s\\x00s\\x00 \\x00N\\x00a\\x00m\\x00e\\x00=\\x00\"\\x00C\\x00:\\x00\\\\x00U\\x00s\\x00e\\x00r\\x00s\\x00\\\\x00a\\x00d\\x00m\\x00i\\x00n\\x00\\\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00D\\x00i\\x00s\\x00c\\x00o\\x00r\\x00d\\x00\\\\x00a\\x00p\\x00p\\x00-\\x001\\x00.\\x000\\x00.\\x009\\x002\\x003\\x008\\x00\\\\x00D\\x00i\\x00s\\x00c\\x00o\\x00r\\x00d\\x00.\\x00e\\x00x\\x00e\\x00\"\\x00 \\x00P\\x00I\\x00D\\x00=\\x00\"\\x006\\x008\\x004\\x004\\x00\"\\x00 \\x00S\\x00t\\x00a\\x00r\\x00t\\x00e\\x00d\\x00I\\x00n\\x00T\\x00r\\x00a\\x00c\\x00e\\x00S\\x00e\\x00c\\x00=\\x00\"\\x002\\x000\\x00.\\x007\\x005\\x00"
              },
              {
                "name": "Length",
                "value": "4096"
              }
            ],
            "repeated": 0,
            "id": 2957
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaad56",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2958
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaad56",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2959
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaad56",
            "parentcaller": "0x7ff729aaa87e",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 1,
            "id": 2960
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2961
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\Discord.exe"
              }
            ],
            "repeated": 1,
            "id": 2962
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaad56",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 2963
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaad56",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2964
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaad56",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2965
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaad56",
            "parentcaller": "0x7ff729aaa87e",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2966
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaad56",
            "parentcaller": "0x7ff729aaa87e",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo5.xml"
              },
              {
                "name": "Buffer",
                "value": "c\\x00e\\x00\\\\x00g\\x00p\\x00u\\x00_\\x00e\\x00n\\x00c\\x00o\\x00d\\x00e\\x00r\\x00_\\x00h\\x00e\\x00l\\x00p\\x00e\\x00r\\x00.\\x00e\\x00x\\x00e\\x00\"\\x00 \\x00P\\x00I\\x00D\\x00=\\x00\"\\x006\\x008\\x006\\x004\\x00\"\\x00 \\x00S\\x00t\\x00a\\x00r\\x00t\\x00e\\x00d\\x00I\\x00n\\x00T\\x00r\\x00a\\x00c\\x00e\\x00S\\x00e\\x00c\\x00=\\x00\"\\x002\\x000\\x00.\\x007\\x006\\x000\\x00\"\\x00>\\x00\r\\x00\n\\x00\t\\x00\t\\x00<\\x00S\\x00t\\x00a\\x00r\\x00t\\x00T\\x00i\\x00m\\x00e\\x00>\\x002\\x000\\x002\\x006\\x00/\\x000\\x005\\x00/\\x002\\x009\\x00:\\x000\\x000\\x00:\\x003\\x001\\x00:\\x004\\x001\\x00.\\x004\\x004\\x001\\x009\\x003\\x002\\x005\\x00<\\x00/\\x00S\\x00t\\x00a\\x00r\\x00t\\x00T\\x00i\\x00m\\x00e\\x00>\\x00\r\\x00\n\\x00\t\\x00\t\\x00<\\x00C\\x00o\\x00m\\x00m\\x00"
              },
              {
                "name": "Length",
                "value": "4096"
              }
            ],
            "repeated": 0,
            "id": 2967
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaad56",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2968
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaad56",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2969
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaad56",
            "parentcaller": "0x7ff729aaa87e",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 1,
            "id": 2970
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\Discord.exe"
              }
            ],
            "repeated": 0,
            "id": 2971
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 2972
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2973
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2974
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2975
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo5.xml"
              },
              {
                "name": "Buffer",
                "value": "r\\x00e\\x00n\\x00t\\x00P\\x00I\\x00D\\x00>\\x005\\x009\\x007\\x006\\x00<\\x00/\\x00P\\x00a\\x00r\\x00e\\x00n\\x00t\\x00P\\x00I\\x00D\\x00>\\x00\r\\x00\n\\x00\t\\x00\t\\x00<\\x00P\\x00a\\x00r\\x00e\\x00n\\x00t\\x00S\\x00t\\x00a\\x00r\\x00t\\x00T\\x00i\\x00m\\x00e\\x00>\\x002\\x000\\x002\\x006\\x00/\\x000\\x005\\x00/\\x002\\x009\\x00:\\x000\\x000\\x00:\\x003\\x001\\x00:\\x003\\x007\\x00.\\x003\\x009\\x002\\x008\\x001\\x005\\x007\\x00<\\x00/\\x00P\\x00a\\x00r\\x00e\\x00n\\x00t\\x00S\\x00t\\x00a\\x00r\\x00t\\x00T\\x00i\\x00m\\x00e\\x00>\\x00\r\\x00\n\\x00\t\\x00\t\\x00<\\x00P\\x00a\\x00r\\x00e\\x00n\\x00t\\x00N\\x00a\\x00m\\x00e\\x00>\\x00p\\x00y\\x00t\\x00h\\x00o\\x00n\\x00.\\x00e\\x00x\\x00e\\x00<\\x00/\\x00P\\x00a\\x00r\\x00e\\x00n\\x00t\\x00N\\x00a\\x00m\\x00e\\x00"
              },
              {
                "name": "Length",
                "value": "4096"
              }
            ],
            "repeated": 0,
            "id": 2976
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2977
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2978
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 1,
            "id": 2979
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Python\\pythoncore-3.14-64\\python.exe"
              }
            ],
            "repeated": 0,
            "id": 2980
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\Update.exe"
              }
            ],
            "repeated": 0,
            "id": 2981
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Steam\\steam.exe"
              }
            ],
            "repeated": 0,
            "id": 2982
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 2983
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2984
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2985
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2986
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo5.xml"
              },
              {
                "name": "Buffer",
                "value": "r\\x00e\\x00n\\x00t\\x00S\\x00t\\x00a\\x00r\\x00t\\x00T\\x00i\\x00m\\x00e\\x00>\\x00\r\\x00\n\\x00\t\\x00\t\\x00<\\x00P\\x00a\\x00r\\x00e\\x00n\\x00t\\x00N\\x00a\\x00m\\x00e\\x00>\\x00D\\x00i\\x00s\\x00c\\x00o\\x00r\\x00d\\x00.\\x00e\\x00x\\x00e\\x00<\\x00/\\x00P\\x00a\\x00r\\x00e\\x00n\\x00t\\x00N\\x00a\\x00m\\x00e\\x00>\\x00\r\\x00\n\\x00\t\\x00<\\x00/\\x00P\\x00r\\x00o\\x00c\\x00e\\x00s\\x00s\\x00>\\x00\r\\x00\n\\x00\t\\x00<\\x00P\\x00r\\x00o\\x00c\\x00e\\x00s\\x00s\\x00 \\x00N\\x00a\\x00m\\x00e\\x00=\\x00\"\\x00C\\x00:\\x00\\\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00\\\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00c\\x00o\\x00n\\x00h\\x00o\\x00s\\x00t\\x00.\\x00e\\x00x\\x00e\\x00\"\\x00 \\x00P\\x00I\\x00D\\x00=\\x00\"\\x003\\x005\\x004\\x008\\x00\"\\x00"
              },
              {
                "name": "Length",
                "value": "4096"
              }
            ],
            "repeated": 0,
            "id": 2987
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2988
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2989
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 1,
            "id": 2990
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\Discord.exe"
              }
            ],
            "repeated": 0,
            "id": 2991
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaad56",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 2992
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaad56",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2993
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaad56",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2994
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaad56",
            "parentcaller": "0x7ff729aaa87e",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2995
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaad56",
            "parentcaller": "0x7ff729aaa87e",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo5.xml"
              },
              {
                "name": "Buffer",
                "value": "=\\x00c\\x00o\\x00m\\x00.\\x00s\\x00q\\x00u\\x00i\\x00r\\x00r\\x00e\\x00l\\x00.\\x00D\\x00i\\x00s\\x00c\\x00o\\x00r\\x00d\\x00.\\x00D\\x00i\\x00s\\x00c\\x00o\\x00r\\x00d\\x00 \\x00-\\x00-\\x00a\\x00p\\x00p\\x00-\\x00p\\x00a\\x00t\\x00h\\x00=\\x00\"\\x00C\\x00:\\x00\\\\x00U\\x00s\\x00e\\x00r\\x00s\\x00\\\\x00a\\x00d\\x00m\\x00i\\x00n\\x00\\\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00D\\x00i\\x00s\\x00c\\x00o\\x00r\\x00d\\x00\\\\x00a\\x00p\\x00p\\x00-\\x001\\x00.\\x000\\x00.\\x009\\x002\\x003\\x008\\x00\\\\x00r\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00s\\x00\\\\x00a\\x00p\\x00p\\x00.\\x00a\\x00s\\x00a\\x00r\\x00\"\\x00 \\x00-\\x00-\\x00n\\x00o\\x00-\\x00s\\x00a\\x00n\\x00d\\x00b\\x00o\\x00x\\x00 \\x00-\\x00-\\x00n\\x00"
              },
              {
                "name": "Length",
                "value": "4096"
              }
            ],
            "repeated": 0,
            "id": 2996
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaad56",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2997
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaad56",
            "parentcaller": "0x7ff729aaa87e",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2998
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaad56",
            "parentcaller": "0x7ff729aaa87e",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 1,
            "id": 2999
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\Discord.exe"
              }
            ],
            "repeated": 1,
            "id": 3000
          },
          {
            "timestamp": "2026-05-28 21:44:21,338",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3001
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3002
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3003
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 3004
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo5.xml"
              },
              {
                "name": "Buffer",
                "value": "/\\x00C\\x00p\\x00u\\x00U\\x00s\\x00a\\x00g\\x00e\\x00>\\x00\r\\x00\n\\x00\t\\x00\t\\x00<\\x00P\\x00a\\x00r\\x00e\\x00n\\x00t\\x00P\\x00I\\x00D\\x00>\\x004\\x002\\x004\\x008\\x00<\\x00/\\x00P\\x00a\\x00r\\x00e\\x00n\\x00t\\x00P\\x00I\\x00D\\x00>\\x00\r\\x00\n\\x00\t\\x00\t\\x00<\\x00P\\x00a\\x00r\\x00e\\x00n\\x00t\\x00S\\x00t\\x00a\\x00r\\x00t\\x00T\\x00i\\x00m\\x00e\\x00>\\x002\\x000\\x002\\x006\\x00/\\x000\\x005\\x00/\\x002\\x009\\x00:\\x000\\x000\\x00:\\x003\\x001\\x00:\\x002\\x005\\x00.\\x001\\x009\\x001\\x001\\x000\\x002\\x008\\x00<\\x00/\\x00P\\x00a\\x00r\\x00e\\x00n\\x00t\\x00S\\x00t\\x00a\\x00r\\x00t\\x00T\\x00i\\x00m\\x00e\\x00>\\x00\r\\x00\n\\x00\t\\x00\t\\x00<\\x00P\\x00a\\x00r\\x00e\\x00n\\x00t\\x00N\\x00a\\x00m\\x00e\\x00>\\x00e\\x00x\\x00p\\x00l\\x00o\\x00"
              },
              {
                "name": "Length",
                "value": "592"
              }
            ],
            "repeated": 0,
            "id": 3005
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3006
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3007
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 1,
            "id": 3008
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729aaad73",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe"
              }
            ],
            "repeated": 0,
            "id": 3009
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3010
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3011
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3012
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 3013
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3014
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3015
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729aaa793",
            "parentcaller": "0x7ff729aab1f4",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 1,
            "id": 3016
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729aaa999",
            "parentcaller": "0x7ff729aab1f4",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3017
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729aaa999",
            "parentcaller": "0x7ff729aab1f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 3018
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729aaa999",
            "parentcaller": "0x7ff729aab1f4",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 3019
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729aaa999",
            "parentcaller": "0x7ff729aab1f4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 3020
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9f119",
            "parentcaller": "0x7ff729a9b4d8",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x00000103",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_WOW64_64KEY"
              },
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3021
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9f119",
            "parentcaller": "0x7ff729a9b4f3",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004b4"
              },
              {
                "name": "SubKey",
                "value": "Run"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x00000103",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_WOW64_64KEY"
              },
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3022
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b501",
            "parentcaller": "0x7ff729a9e4df",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 3023
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9f119",
            "parentcaller": "0x7ff729a9b4d8",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x00000103",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_WOW64_64KEY"
              },
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3024
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9f119",
            "parentcaller": "0x7ff729a9b4f3",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004b4"
              },
              {
                "name": "SubKey",
                "value": "Run32"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x00000103",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_WOW64_64KEY"
              },
              {
                "name": "Handle",
                "value": "0x00000570"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run32"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3025
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b501",
            "parentcaller": "0x7ff729a9e4df",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 3026
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9f119",
            "parentcaller": "0x7ff729a9b4d8",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x00000103",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_WOW64_64KEY"
              },
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3027
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9f119",
            "parentcaller": "0x7ff729a9b4f3",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004b4"
              },
              {
                "name": "SubKey",
                "value": "Run"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x00000103",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_WOW64_64KEY"
              },
              {
                "name": "Handle",
                "value": "0x00000588"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3028
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b501",
            "parentcaller": "0x7ff729a9e4df",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 3029
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9f119",
            "parentcaller": "0x7ff729a9b4d8",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x00000103",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_WOW64_64KEY"
              },
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3030
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9f119",
            "parentcaller": "0x7ff729a9b4f3",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004b4"
              },
              {
                "name": "SubKey",
                "value": "StartupFolder"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x00000103",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_WOW64_64KEY"
              },
              {
                "name": "Handle",
                "value": "0x0000058c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\StartupFolder"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3031
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b501",
            "parentcaller": "0x7ff729a9e4df",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 3032
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9f119",
            "parentcaller": "0x7ff729a9b4d8",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x00000103",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_WOW64_64KEY"
              },
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3033
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9f119",
            "parentcaller": "0x7ff729a9b4f3",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004b4"
              },
              {
                "name": "SubKey",
                "value": "StartupFolder"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x00000103",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_WOW64_64KEY"
              },
              {
                "name": "Handle",
                "value": "0x00000590"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\StartupFolder"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 3034
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b501",
            "parentcaller": "0x7ff729a9e4df",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 3035
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 3036
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3037
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xbbo\\x19\\xed\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3038
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 3039
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000594"
              },
              {
                "name": "SubKey",
                "value": "{B97D20BB-F46A-4C97-BA10-5E3608430854}"
              },
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}"
              }
            ],
            "repeated": 0,
            "id": 3040
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 3041
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Category"
              }
            ],
            "repeated": 0,
            "id": 3042
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Startup"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Name"
              }
            ],
            "repeated": 0,
            "id": 3043
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 3044
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Description"
              }
            ],
            "repeated": 0,
            "id": 3045
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "StartUp"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 3046
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 3047
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 3048
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21787"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 3049
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 3050
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Security"
              }
            ],
            "repeated": 0,
            "id": 3051
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 3052
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 3053
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 3054
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 3055
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 3056
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 3057
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 3058
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 3059
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 3060
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 3061
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 3062
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000598"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 3063
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 3064
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3065
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000598"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\1"
              },
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1"
              }
            ],
            "repeated": 0,
            "id": 3066
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000594"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 3067
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 3068
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xb6o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x80\\x94\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3069
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000594"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 3070
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000594"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 3071
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 3072
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x000000ea",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "Startup"
              },
              {
                "name": "Type",
                "value": "0x00000002",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "DataLength",
                "value": "152"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Startup"
              }
            ],
            "repeated": 0,
            "id": 3073
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "Startup"
              },
              {
                "name": "Data",
                "value": "%USERPROFILE%\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Startup"
              }
            ],
            "repeated": 0,
            "id": 3074
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 3075
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 3076
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup"
              }
            ],
            "repeated": 0,
            "id": 3077
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3078
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9ba63",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x26793776a40",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\*.*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xaff228df"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dceeb6"
              }
            ],
            "repeated": 0,
            "id": 3079
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9d4",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 3080
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 3081
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3082
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xbbo\\x19\\xed\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3083
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 3084
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004b4"
              },
              {
                "name": "SubKey",
                "value": "{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}"
              },
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}"
              }
            ],
            "repeated": 0,
            "id": 3085
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 3086
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Category"
              }
            ],
            "repeated": 0,
            "id": 3087
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Common Startup"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Name"
              }
            ],
            "repeated": 0,
            "id": 3088
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 3089
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Description"
              }
            ],
            "repeated": 0,
            "id": 3090
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "StartUp"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 3091
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 3092
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 3093
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21787"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 3094
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 3095
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Security"
              }
            ],
            "repeated": 0,
            "id": 3096
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 3097
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 3098
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 3099
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 3100
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 3101
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 3102
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 3103
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 3104
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 3105
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 3106
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 3107
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000594"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 3108
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 3109
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000598"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\1"
              },
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1"
              }
            ],
            "repeated": 0,
            "id": 3110
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000594"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 3111
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 3112
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 3113
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "Common Startup"
              },
              {
                "name": "Data",
                "value": "%ProgramData%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Common Startup"
              }
            ],
            "repeated": 0,
            "id": 3114
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 3115
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 3116
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp"
              }
            ],
            "repeated": 0,
            "id": 3117
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9b9f3",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3118
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9ba63",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x26793775780",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\*.*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xc867053b"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acde"
              }
            ],
            "repeated": 0,
            "id": 3119
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9bd3f",
            "parentcaller": "0x7ff729a9e5f8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 3120
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a1f6b6",
            "parentcaller": "0x7ff729a9c3aa",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "0",
                "pretty_value": "FILE_SUPERSEDE"
              }
            ],
            "repeated": 0,
            "id": 3121
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a1f6b6",
            "parentcaller": "0x7ff729a9c3aa",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              }
            ],
            "repeated": 0,
            "id": 3122
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9c455",
            "parentcaller": "0x7ff729a9e63c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Run"
              },
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"
              }
            ],
            "repeated": 0,
            "id": 3123
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9c0df",
            "parentcaller": "0x7ff729a9c48a",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000594"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "2"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3124
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a3d36c",
            "parentcaller": "0x7ff729a9c16e",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "ValueName",
                "value": "SecurityHealth"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\SecurityHealth"
              }
            ],
            "repeated": 0,
            "id": 3125
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a3d20b",
            "parentcaller": "0x7ff729a9c1bd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "SecurityHealth"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\SecurityHealth"
              }
            ],
            "repeated": 0,
            "id": 3126
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a3d2e0",
            "parentcaller": "0x7ff729a9c1bd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "SecurityHealth"
              },
              {
                "name": "Data",
                "value": "%windir%\\system32\\SecurityHealthSystray.exe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\SecurityHealth"
              }
            ],
            "repeated": 0,
            "id": 3127
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9abc5",
            "parentcaller": "0x7ff729a9e244",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "SecurityHealth"
              },
              {
                "name": "Data",
                "value": "\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run\\SecurityHealth"
              }
            ],
            "repeated": 0,
            "id": 3128
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729a9cf53",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3129
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729a9cf53",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\SecurityHealthSystray.exe"
              }
            ],
            "repeated": 0,
            "id": 3130
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26790d90002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\system32\\SecurityHealthSystray.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 3131
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              }
            ],
            "repeated": 0,
            "id": 3132
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\SecurityHealthSystray.exe.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 3133
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en"
              }
            ],
            "repeated": 0,
            "id": 3134
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en\\SecurityHealthSystray.exe.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 3135
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\SecurityHealthSystray.exe"
              }
            ],
            "repeated": 0,
            "id": 3136
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26790d90000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              }
            ],
            "repeated": 0,
            "id": 3137
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26790d90002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\system32\\SecurityHealthSystray.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 3138
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              }
            ],
            "repeated": 0,
            "id": 3139
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\SecurityHealthSystray.exe.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 3140
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en"
              }
            ],
            "repeated": 0,
            "id": 3141
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en\\SecurityHealthSystray.exe.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 3142
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\SecurityHealthSystray.exe"
              }
            ],
            "repeated": 0,
            "id": 3143
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26790d90000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              }
            ],
            "repeated": 0,
            "id": 3144
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9d3aa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\SecurityHealthSystray.exe"
              }
            ],
            "repeated": 1,
            "id": 3145
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26790d90002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\SecurityHealthSystray.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 3146
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              }
            ],
            "repeated": 0,
            "id": 3147
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\SecurityHealthSystray.exe.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 3148
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en"
              }
            ],
            "repeated": 0,
            "id": 3149
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en\\SecurityHealthSystray.exe.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 3150
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\SecurityHealthSystray.exe"
              }
            ],
            "repeated": 0,
            "id": 3151
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26790d90000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              }
            ],
            "repeated": 0,
            "id": 3152
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26790d90002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\SecurityHealthSystray.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 3153
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              }
            ],
            "repeated": 0,
            "id": 3154
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\SecurityHealthSystray.exe.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 3155
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en"
              }
            ],
            "repeated": 0,
            "id": 3156
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en\\SecurityHealthSystray.exe.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 3157
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\SecurityHealthSystray.exe"
              }
            ],
            "repeated": 0,
            "id": 3158
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26790d90000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              }
            ],
            "repeated": 0,
            "id": 3159
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2bf67000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3160
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2bf67000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3161
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2bf66000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3162
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2bf66000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3163
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3164
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000059c"
              },
              {
                "name": "SubKey",
                "value": ""
              },
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\"
              }
            ],
            "repeated": 0,
            "id": 3165
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2bf67000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3166
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2bf67000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3167
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "ValueName",
                "value": "Max Cached Icons"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Max Cached Icons"
              }
            ],
            "repeated": 0,
            "id": 3168
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 3169
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b252000"
              },
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3170
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b252000"
              },
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3171
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b252000"
              },
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3172
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b252000"
              },
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3173
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide"
              }
            ],
            "repeated": 0,
            "id": 3174
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a4"
              },
              {
                "name": "ValueName",
                "value": "PreferExternalManifest"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest"
              }
            ],
            "repeated": 0,
            "id": 3175
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a4"
              }
            ],
            "repeated": 0,
            "id": 3176
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\shell32.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 3177
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a4"
              }
            ],
            "repeated": 0,
            "id": 3178
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "comctl32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc171f0000"
              }
            ],
            "repeated": 0,
            "id": 3179
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc171f0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "comctl32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3180
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "comctl32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc171f0000"
              }
            ],
            "repeated": 0,
            "id": 3181
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc171f0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "comctl32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3182
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc171f0000"
              },
              {
                "name": "FunctionName",
                "value": "ImageList_CoCreateInstance"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc1726d910"
              }
            ],
            "repeated": 0,
            "id": 3183
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1743a000"
              },
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3184
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1743a000"
              },
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3185
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1743a000"
              },
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3186
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1743a000"
              },
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3187
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d16fa30"
              }
            ],
            "repeated": 0,
            "id": 3188
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005ac"
              }
            ],
            "repeated": 0,
            "id": 3189
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3190
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xc3o\\x19\\xed\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3191
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 3192
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005b0"
              },
              {
                "name": "SubKey",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              }
            ],
            "repeated": 0,
            "id": 3193
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3194
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Category"
              }
            ],
            "repeated": 0,
            "id": 3195
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Local AppData"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Name"
              }
            ],
            "repeated": 0,
            "id": 3196
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 3197
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Description"
              }
            ],
            "repeated": 0,
            "id": 3198
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "AppData\\Local"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 3199
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 3200
          },
          {
            "timestamp": "2026-05-28 21:44:21,354",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 3201
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 3202
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 3203
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Security"
              }
            ],
            "repeated": 0,
            "id": 3204
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 3205
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 3206
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 3207
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 3208
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 3209
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 3210
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 3211
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 3212
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 3213
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 3214
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 3215
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005b4"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 3216
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              }
            ],
            "repeated": 0,
            "id": 3217
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000598"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\1"
              },
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1"
              }
            ],
            "repeated": 0,
            "id": 3218
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005b4"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 3219
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              }
            ],
            "repeated": 0,
            "id": 3220
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xbfo\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x80\\xb4\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3221
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 3222
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005b4"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 3223
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              }
            ],
            "repeated": 0,
            "id": 3224
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "ValueName",
                "value": "Local AppData"
              },
              {
                "name": "Data",
                "value": "%USERPROFILE%\\AppData\\Local"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData"
              }
            ],
            "repeated": 0,
            "id": 3225
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ac"
              }
            ],
            "repeated": 0,
            "id": 3226
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3227
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Policies\\Microsoft\\Windows\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3228
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Policies\\Microsoft\\Windows\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3229
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3230
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3231
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xbfo\\x19\\xed\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3232
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000005ac"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 3233
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005ac"
              },
              {
                "name": "SubKey",
                "value": "{5E6C858F-0E22-4760-9AFE-EA3317B67173}"
              },
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}"
              }
            ],
            "repeated": 0,
            "id": 3234
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ac"
              }
            ],
            "repeated": 0,
            "id": 3235
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Category"
              }
            ],
            "repeated": 0,
            "id": 3236
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Profile"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Name"
              }
            ],
            "repeated": 0,
            "id": 3237
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 3238
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Description"
              }
            ],
            "repeated": 0,
            "id": 3239
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 3240
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 3241
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 3242
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 3243
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 3244
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Security"
              }
            ],
            "repeated": 0,
            "id": 3245
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 3246
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 3247
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 3248
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 3249
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 3250
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 3251
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 3252
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 3253
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 3254
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 3255
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 3256
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005b4"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 3257
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              }
            ],
            "repeated": 0,
            "id": 3258
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005b4"
              }
            ],
            "repeated": 0,
            "id": 3259
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xd4{\\x93g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3260
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3261
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3262
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29026000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3263
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29026000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3264
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3968686040-3210279463-847977608-1001"
              },
              {
                "name": "Handle",
                "value": "0x000005ac"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3968686040-3210279463-847977608-1001"
              }
            ],
            "repeated": 0,
            "id": 3265
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ac"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3968686040-3210279463-847977608-1001\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 3266
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ac"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Data",
                "value": "C:\\Users\\admin"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3968686040-3210279463-847977608-1001\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 3267
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ac"
              }
            ],
            "repeated": 0,
            "id": 3268
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              }
            ],
            "repeated": 0,
            "id": 3269
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3270
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29026000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3271
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29026000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3272
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\admin"
              }
            ],
            "repeated": 0,
            "id": 3273
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin"
              }
            ],
            "repeated": 0,
            "id": 3274
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3275
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\admin\\AppData\\Local"
              }
            ],
            "repeated": 0,
            "id": 3276
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local"
              }
            ],
            "repeated": 0,
            "id": 3277
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3278
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2bf67000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3279
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2bf67000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3280
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "MutexName",
                "value": ""
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3281
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\IconCache.db"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3282
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3283
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3284
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3285
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3286
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData\\Local\\IconCache.db"
              },
              {
                "name": "Buffer",
                "value": "H\\x00\\x00\\x00Win4\\x06\\x05\\x00\\x00Z)\\x00\\x00 \\x00\\x00\\x00 \\x00\\x00\\x00 \\x00\\x00\\x00 \\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x10\\x00\\x00\\x000\\x00\\x00\\x000\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x0c\\x00\\x00\\x00\\x0c\\x00\\x00\\x00s\\x00\\x00\\x00\\x81\\x00 \\x00c\\x00:\\x00\\\\x00w\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00i\\x00m\\x00a\\x00g\\x00e\\x00r\\x00e\\x00s\\x00.\\x00d\\x00l\\x00l\\x00\\xfe\\xff\\xff\\xff\\x81\\x00 \\x00c\\x00:\\x00\\\\x00w\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00i\\x00m\\x00a\\x00g\\x00e\\x00r\\x00e\\x00s\\x00.\\x00d\\x00l\\x00l\\x00\\xa6\\xff\\xff\\xff\\x81\\x00 \\x00c\\x00:\\x00\\\\x00w\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00"
              },
              {
                "name": "Length",
                "value": "4096"
              }
            ],
            "repeated": 0,
            "id": 3287
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3288
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3289
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3290
          },
          {
            "timestamp": "2026-05-28 21:44:21,369",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3291
          },
          {
            "timestamp": "2026-05-28 21:44:21,416",
            "thread_id": "13188",
            "caller": "0x7ff7299e3b91",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3292
          },
          {
            "timestamp": "2026-05-28 21:44:21,416",
            "thread_id": "13188",
            "caller": "0x7ff7299e3b91",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000410"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3293
          },
          {
            "timestamp": "2026-05-28 21:44:21,416",
            "thread_id": "12948",
            "caller": "0x7ffc2b480e98",
            "parentcaller": "0x7ffc2b4fb785",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00010524"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 3294
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3295
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3296
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3297
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3298
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3299
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3300
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3301
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3302
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3303
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3304
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3305
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3306
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3307
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3308
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3309
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3310
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3311
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3312
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3313
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3314
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3315
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3316
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3317
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3318
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3319
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3320
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3321
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3322
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3323
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3324
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3325
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3326
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3327
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3328
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3329
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3330
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3331
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3332
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3333
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3334
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3335
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3336
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3337
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3338
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3339
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3340
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3341
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3342
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3343
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3344
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3345
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3346
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3347
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3348
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3349
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3350
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3351
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3352
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3353
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3354
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3355
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3356
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3357
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3358
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3359
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3360
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3361
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3362
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3363
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3364
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3365
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3366
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3367
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3368
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3369
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3370
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3371
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3372
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3373
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3374
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3375
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3376
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3377
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3378
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3379
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3380
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3381
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3382
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3383
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3384
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3385
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3386
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3387
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3388
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3389
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3390
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3391
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3392
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3393
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3394
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3395
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3396
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3397
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3398
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3399
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3400
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3401
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3402
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3403
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3404
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3405
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3406
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3407
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3408
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3409
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3410
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3411
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3412
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3413
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3414
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3415
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3416
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3417
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3418
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3419
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3420
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3421
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3422
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3423
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3424
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3425
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3426
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3427
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3428
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3429
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3430
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3431
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3432
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3433
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3434
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3435
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3436
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3437
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3438
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3439
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3440
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3441
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3442
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3443
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3444
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3445
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3446
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3447
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3448
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3449
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3450
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3451
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3452
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3453
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3454
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3455
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3456
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3457
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3458
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3459
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3460
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3461
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3462
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3463
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3464
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3465
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3466
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3467
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3468
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3469
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3470
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3471
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3472
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3473
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3474
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3475
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3476
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3477
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3478
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3479
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3480
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3481
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3482
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3483
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3484
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3485
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3486
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3487
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3488
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3489
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3490
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3491
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3492
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3493
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3494
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3495
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3496
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3497
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3498
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3499
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3500
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3501
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3502
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3503
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3504
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3505
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3506
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3507
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3508
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3509
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3510
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3511
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3512
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3513
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3514
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3515
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3516
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3517
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3518
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3519
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3520
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3521
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3522
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3523
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3524
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3525
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3526
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3527
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3528
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3529
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3530
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3531
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3532
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3533
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3534
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3535
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3536
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3537
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3538
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3539
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3540
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3541
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3542
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3543
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3544
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3545
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3546
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3547
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3548
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3549
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3550
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3551
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3552
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3553
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3554
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3555
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3556
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3557
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3558
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3559
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3560
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3561
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3562
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3563
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3564
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3565
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3566
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3567
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3568
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3569
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3570
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3571
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3572
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3573
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3574
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3575
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3576
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3577
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3578
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3579
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3580
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3581
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3582
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3583
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3584
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3585
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3586
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3587
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3588
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3589
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3590
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3591
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3592
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3593
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3594
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3595
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3596
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3597
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3598
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3599
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3600
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3601
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3602
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3603
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3604
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3605
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3606
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3607
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3608
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3609
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3610
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3611
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3612
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3613
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3614
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3615
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3616
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3617
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3618
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3619
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3620
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3621
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3622
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3623
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3624
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3625
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3626
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3627
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3628
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3629
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3630
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3631
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3632
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3633
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3634
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3635
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3636
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3637
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3638
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3639
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3640
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3641
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3642
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3643
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3644
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3645
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3646
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3647
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3648
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3649
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3650
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3651
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3652
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3653
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3654
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3655
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3656
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3657
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3658
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3659
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3660
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3661
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3662
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3663
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3664
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3665
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3666
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3667
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3668
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3669
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3670
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3671
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3672
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3673
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3674
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3675
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3676
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3677
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3678
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3679
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3680
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3681
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3682
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3683
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3684
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3685
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3686
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3687
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3688
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3689
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3690
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3691
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3692
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3693
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3694
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3695
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3696
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3697
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3698
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3699
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3700
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3701
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3702
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3703
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3704
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3705
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3706
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3707
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3708
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3709
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3710
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3711
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3712
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3713
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3714
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3715
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3716
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3717
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3718
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3719
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3720
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3721
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3722
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3723
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3724
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3725
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3726
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3727
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3728
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3729
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3730
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3731
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3732
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3733
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3734
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3735
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3736
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3737
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3738
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3739
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3740
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3741
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3742
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3743
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3744
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3745
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3746
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3747
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3748
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3749
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3750
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3751
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3752
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3753
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3754
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3755
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3756
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3757
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3758
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3759
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3760
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3761
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3762
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3763
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3764
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3765
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3766
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3767
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3768
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3769
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3770
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3771
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3772
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3773
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3774
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3775
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3776
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3777
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3778
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3779
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3780
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3781
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3782
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3783
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3784
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3785
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3786
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3787
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3788
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3789
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3790
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3791
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3792
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3793
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3794
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3795
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3796
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3797
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3798
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3799
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3800
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3801
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3802
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3803
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3804
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3805
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3806
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3807
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3808
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3809
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3810
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3811
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3812
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3813
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3814
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3815
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3816
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3817
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3818
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3819
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3820
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3821
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3822
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3823
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3824
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3825
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3826
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3827
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3828
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3829
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3830
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3831
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3832
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3833
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3834
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3835
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3836
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3837
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3838
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3839
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3840
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3841
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3842
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3843
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3844
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3845
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3846
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3847
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3848
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3849
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3850
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3851
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3852
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3853
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3854
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3855
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3856
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3857
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3858
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3859
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3860
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3861
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3862
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3863
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3864
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3865
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3866
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3867
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3868
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3869
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3870
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3871
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3872
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3873
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3874
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3875
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3876
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3877
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3878
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3879
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3880
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3881
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3882
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3883
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3884
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3885
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3886
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3887
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3888
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3889
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3890
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3891
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3892
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3893
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3894
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3895
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3896
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3897
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3898
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3899
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3900
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3901
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3902
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3903
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3904
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3905
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3906
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3907
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3908
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3909
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3910
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3911
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3912
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3913
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3914
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3915
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3916
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3917
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3918
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3919
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3920
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3921
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3922
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3923
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3924
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3925
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3926
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3927
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3928
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3929
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3930
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3931
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3932
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3933
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3934
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3935
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3936
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3937
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3938
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3939
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3940
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3941
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3942
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3943
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3944
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3945
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3946
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3947
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3948
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3949
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3950
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3951
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3952
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3953
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3954
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3955
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3956
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3957
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3958
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3959
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3960
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3961
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3962
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3963
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3964
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3965
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3966
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3967
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3968
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3969
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3970
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3971
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3972
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3973
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3974
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3975
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3976
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3977
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3978
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3979
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3980
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3981
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3982
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3983
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3984
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3985
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3986
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3987
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3988
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3989
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3990
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3991
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3992
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 3993
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3994
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3995
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3996
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 3997
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3998
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3999
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4000
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4001
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4002
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4003
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4004
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4005
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4006
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4007
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4008
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4009
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4010
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4011
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4012
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4013
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4014
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4015
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4016
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4017
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4018
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4019
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4020
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4021
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4022
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4023
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4024
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4025
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4026
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4027
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4028
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4029
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4030
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4031
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4032
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4033
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4034
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4035
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4036
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4037
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4038
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4039
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4040
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4041
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4042
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4043
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4044
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4045
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4046
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4047
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4048
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4049
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4050
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4051
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4052
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4053
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4054
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4055
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4056
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4057
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4058
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4059
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4060
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4061
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4062
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4063
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4064
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4065
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4066
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4067
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4068
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4069
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4070
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4071
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4072
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4073
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4074
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4075
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4076
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4077
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4078
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4079
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4080
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4081
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4082
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4083
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4084
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4085
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4086
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4087
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4088
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4089
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4090
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4091
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4092
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4093
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4094
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4095
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4096
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4097
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4098
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4099
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4100
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4101
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4102
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4103
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4104
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4105
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4106
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4107
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4108
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4109
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4110
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4111
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4112
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4113
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4114
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4115
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4116
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4117
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4118
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4119
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4120
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4121
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4122
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4123
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4124
          },
          {
            "timestamp": "2026-05-28 21:44:21,432",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4125
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4126
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4127
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4128
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4129
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4130
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4131
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4132
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4133
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4134
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4135
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4136
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4137
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4138
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4139
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4140
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4141
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4142
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4143
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4144
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4145
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4146
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4147
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4148
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4149
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4150
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4151
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4152
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4153
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4154
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4155
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4156
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4157
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4158
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4159
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4160
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4161
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4162
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4163
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4164
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4165
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4166
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4167
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4168
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4169
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4170
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4171
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4172
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4173
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4174
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4175
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4176
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4177
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4178
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4179
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4180
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4181
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4182
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4183
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4184
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4185
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4186
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4187
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4188
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4189
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4190
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4191
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4192
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4193
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4194
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4195
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4196
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4197
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4198
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4199
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4200
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4201
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4202
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4203
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4204
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4205
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4206
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4207
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4208
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4209
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4210
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4211
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4212
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4213
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4214
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4215
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4216
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4217
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4218
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4219
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4220
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4221
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4222
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4223
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4224
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4225
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4226
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4227
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4228
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4229
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4230
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4231
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4232
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4233
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4234
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4235
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4236
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4237
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4238
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4239
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4240
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4241
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4242
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4243
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4244
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4245
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4246
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4247
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4248
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4249
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4250
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4251
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4252
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4253
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4254
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4255
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4256
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4257
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4258
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4259
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4260
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4261
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4262
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4263
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4264
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4265
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4266
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4267
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4268
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4269
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4270
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4271
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4272
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4273
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4274
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4275
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4276
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4277
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4278
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4279
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4280
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4281
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4282
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4283
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4284
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4285
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4286
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4287
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4288
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4289
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4290
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4291
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4292
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4293
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4294
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4295
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4296
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4297
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4298
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4299
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4300
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4301
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4302
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4303
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4304
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4305
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4306
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4307
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4308
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4309
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4310
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4311
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4312
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4313
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4314
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4315
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4316
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4317
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4318
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4319
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4320
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4321
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4322
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4323
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4324
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4325
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4326
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4327
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4328
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4329
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4330
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4331
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4332
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4333
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4334
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4335
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4336
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4337
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4338
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4339
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4340
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4341
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4342
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4343
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4344
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4345
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4346
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4347
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4348
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4349
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4350
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4351
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4352
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4353
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4354
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4355
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4356
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4357
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4358
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4359
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4360
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4361
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4362
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4363
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4364
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4365
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4366
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4367
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4368
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4369
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4370
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4371
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4372
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4373
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4374
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4375
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4376
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4377
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4378
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4379
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4380
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4381
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4382
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4383
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4384
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4385
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4386
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4387
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4388
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4389
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4390
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4391
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4392
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4393
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4394
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4395
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4396
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4397
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4398
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4399
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4400
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4401
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4402
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4403
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4404
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4405
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4406
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4407
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4408
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4409
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4410
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4411
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4412
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4413
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4414
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4415
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4416
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4417
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4418
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4419
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4420
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4421
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4422
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4423
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4424
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4425
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4426
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4427
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4428
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4429
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4430
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4431
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4432
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4433
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4434
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4435
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4436
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4437
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4438
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4439
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4440
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4441
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4442
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4443
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4444
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4445
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4446
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4447
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4448
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4449
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4450
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4451
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4452
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4453
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4454
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4455
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4456
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4457
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4458
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4459
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4460
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4461
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4462
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4463
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4464
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4465
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4466
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4467
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4468
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4469
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4470
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4471
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4472
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4473
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4474
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4475
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4476
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4477
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4478
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4479
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4480
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4481
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4482
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4483
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4484
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4485
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4486
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4487
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4488
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4489
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4490
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4491
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4492
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4493
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4494
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4495
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4496
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4497
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4498
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4499
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4500
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4501
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4502
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4503
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4504
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4505
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4506
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4507
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4508
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4509
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4510
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4511
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4512
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4513
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4514
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4515
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4516
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4517
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4518
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4519
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4520
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4521
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4522
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4523
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4524
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4525
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4526
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4527
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4528
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4529
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4530
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4531
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4532
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4533
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4534
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4535
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4536
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4537
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4538
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4539
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4540
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4541
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4542
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4543
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4544
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4545
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4546
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4547
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4548
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4549
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4550
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4551
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4552
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4553
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4554
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4555
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4556
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4557
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4558
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4559
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4560
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4561
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4562
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4563
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4564
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4565
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4566
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4567
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4568
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4569
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4570
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4571
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4572
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4573
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4574
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4575
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4576
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4577
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4578
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4579
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4580
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4581
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4582
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4583
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4584
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4585
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4586
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4587
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4588
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4589
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4590
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4591
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4592
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4593
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4594
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4595
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4596
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4597
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4598
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4599
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4600
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4601
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4602
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4603
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4604
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4605
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4606
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4607
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4608
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4609
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4610
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4611
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4612
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4613
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4614
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4615
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4616
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4617
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4618
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4619
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4620
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4621
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4622
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4623
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4624
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4625
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4626
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4627
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4628
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4629
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4630
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4631
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4632
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4633
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4634
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4635
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4636
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4637
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4638
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4639
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4640
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4641
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4642
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4643
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4644
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4645
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4646
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4647
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4648
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4649
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4650
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4651
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4652
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4653
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4654
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4655
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4656
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4657
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4658
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4659
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4660
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4661
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4662
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4663
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4664
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4665
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4666
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4667
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4668
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4669
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4670
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4671
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4672
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4673
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4674
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4675
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4676
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4677
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4678
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4679
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4680
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4681
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4682
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4683
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4684
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4685
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4686
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4687
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4688
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4689
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4690
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4691
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4692
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4693
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4694
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4695
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4696
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4697
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4698
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4699
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4700
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4701
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4702
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4703
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4704
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4705
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4706
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4707
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4708
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4709
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4710
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4711
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4712
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4713
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4714
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4715
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4716
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4717
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4718
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4719
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4720
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4721
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4722
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4723
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4724
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4725
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4726
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4727
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4728
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4729
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4730
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4731
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4732
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4733
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4734
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4735
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4736
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4737
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4738
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4739
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4740
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4741
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4742
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4743
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4744
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4745
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4746
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4747
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4748
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4749
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4750
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4751
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4752
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4753
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4754
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4755
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4756
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4757
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4758
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4759
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4760
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4761
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4762
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4763
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4764
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4765
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4766
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4767
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4768
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4769
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4770
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4771
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4772
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4773
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4774
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4775
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4776
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4777
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4778
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4779
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4780
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4781
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4782
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4783
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4784
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4785
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4786
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4787
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4788
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4789
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4790
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4791
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4792
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4793
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4794
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4795
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4796
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4797
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4798
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4799
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4800
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4801
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4802
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4803
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4804
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4805
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4806
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4807
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4808
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4809
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4810
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4811
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4812
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4813
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4814
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4815
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4816
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4817
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4818
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4819
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4820
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4821
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4822
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4823
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4824
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4825
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4826
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4827
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4828
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4829
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4830
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4831
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4832
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4833
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4834
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4835
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4836
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4837
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4838
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4839
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4840
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4841
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4842
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4843
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4844
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4845
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4846
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4847
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4848
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4849
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4850
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4851
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4852
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4853
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4854
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4855
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4856
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4857
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4858
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4859
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4860
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4861
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4862
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4863
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4864
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4865
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4866
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4867
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4868
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4869
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4870
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4871
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4872
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4873
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4874
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4875
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4876
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4877
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4878
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4879
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4880
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4881
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4882
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4883
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4884
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4885
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4886
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4887
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4888
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4889
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4890
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4891
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4892
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4893
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4894
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4895
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4896
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4897
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4898
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4899
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4900
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4901
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4902
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4903
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4904
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4905
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4906
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4907
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4908
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4909
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4910
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4911
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4912
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4913
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4914
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4915
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4916
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4917
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4918
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4919
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4920
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4921
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4922
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4923
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4924
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4925
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4926
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4927
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4928
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4929
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4930
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4931
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4932
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4933
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4934
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4935
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4936
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4937
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4938
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4939
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4940
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4941
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4942
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4943
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4944
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4945
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4946
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4947
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4948
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4949
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4950
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4951
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4952
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4953
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4954
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4955
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4956
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4957
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4958
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4959
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4960
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4961
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4962
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4963
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4964
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4965
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4966
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4967
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4968
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4969
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4970
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4971
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4972
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4973
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4974
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4975
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4976
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4977
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4978
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4979
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4980
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4981
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4982
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4983
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4984
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4985
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4986
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4987
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4988
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4989
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4990
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4991
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4992
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4993
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 4994
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4995
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4996
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4997
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 4998
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4999
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5000
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5001
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5002
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5003
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5004
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5005
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5006
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5007
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5008
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5009
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5010
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5011
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5012
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5013
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5014
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5015
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5016
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5017
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5018
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5019
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5020
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5021
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5022
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5023
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5024
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5025
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5026
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5027
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5028
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5029
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5030
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5031
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5032
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5033
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5034
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5035
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5036
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5037
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5038
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5039
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5040
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5041
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5042
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5043
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5044
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5045
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5046
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5047
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5048
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5049
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5050
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5051
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5052
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5053
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5054
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5055
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5056
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5057
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5058
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5059
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5060
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5061
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5062
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5063
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5064
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5065
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5066
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5067
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5068
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5069
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5070
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5071
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5072
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5073
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5074
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5075
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5076
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5077
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5078
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5079
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5080
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5081
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5082
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5083
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5084
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5085
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5086
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5087
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5088
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5089
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5090
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5091
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5092
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5093
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5094
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5095
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5096
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5097
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5098
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5099
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5100
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5101
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5102
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5103
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5104
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5105
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5106
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5107
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5108
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5109
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5110
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5111
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5112
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5113
          },
          {
            "timestamp": "2026-05-28 21:44:21,447",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5114
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5115
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5116
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5117
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5118
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5119
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5120
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5121
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5122
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5123
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5124
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5125
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5126
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5127
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5128
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5129
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5130
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5131
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5132
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5133
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5134
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5135
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5136
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5137
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5138
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5139
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5140
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5141
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5142
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5143
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5144
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5145
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5146
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5147
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5148
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5149
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5150
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5151
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5152
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5153
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5154
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5155
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5156
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5157
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5158
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5159
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData\\Local\\IconCache.db"
              },
              {
                "name": "Buffer",
                "value": "\\x0b\\x00s\\x00h\\x00e\\x00l\\x00l\\x003\\x002\\x00.\\x00d\\x00l\\x00l\\x00\r\\xff\\xff\\xff\\x81\\x00\\x0b\\x00s\\x00h\\x00e\\x00l\\x00l\\x003\\x002\\x00.\\x00d\\x00l\\x00l\\x00\\x85\\xbe\\xff\\xff\\x81\\x00\\x0b\\x00s\\x00h\\x00e\\x00l\\x00l\\x003\\x002\\x00.\\x00d\\x00l\\x00l\\x00\\x86\\xbe\\xff\\xff\\x81\\x00\\x0c\\x00i\\x00m\\x00a\\x00g\\x00e\\x00r\\x00e\\x00s\\x00.\\x00d\\x00l\\x00l\\x00J\\xeb\\xff\\xff\\x81\\x00\\x0c\\x00i\\x00m\\x00a\\x00g\\x00e\\x00r\\x00e\\x00s\\x00.\\x00d\\x00l\\x00l\\x00K\\xeb\\xff\\xff\\x81\\x00\\x0c\\x00i\\x00m\\x00a\\x00g\\x00e\\x00r\\x00e\\x00s\\x00.\\x00d\\x00l\\x00l\\x00I\\xeb\\xff\\xff\\x81\\x00\\x0c\\x00i\\x00m\\x00a\\x00g\\x00e\\x00r\\x00e\\x00s\\x00.\\x00d\\x00l\\x00l\\x00H\\xeb\\xff\\xff\\x81\\x00\\x0c\\x00i\\x00m\\x00a\\x00g\\x00e\\x00r\\x00e\\x00s\\x00.\\x00d\\x00l\\x00l\\x00E\\xeb\\xff\\xff\\x81\\x00\\x0c\\x00i\\x00m\\x00"
              },
              {
                "name": "Length",
                "value": "4096"
              }
            ],
            "repeated": 0,
            "id": 5160
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5161
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5162
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5163
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5164
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5165
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5166
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5167
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5168
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5169
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5170
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5171
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5172
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5173
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5174
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5175
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5176
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5177
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5178
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5179
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5180
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5181
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5182
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5183
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5184
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5185
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5186
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5187
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5188
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5189
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5190
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5191
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5192
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5193
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5194
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5195
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5196
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5197
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5198
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5199
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5200
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5201
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5202
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5203
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5204
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5205
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5206
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5207
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5208
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5209
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5210
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5211
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5212
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5213
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5214
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5215
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5216
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5217
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5218
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5219
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5220
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5221
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5222
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5223
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5224
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5225
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5226
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5227
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5228
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5229
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5230
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5231
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5232
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5233
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5234
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5235
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5236
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5237
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5238
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5239
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5240
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5241
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5242
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5243
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5244
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5245
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5246
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5247
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5248
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5249
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5250
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5251
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5252
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5253
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5254
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5255
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5256
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5257
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5258
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5259
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5260
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5261
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5262
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5263
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5264
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5265
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5266
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5267
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5268
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5269
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5270
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5271
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5272
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5273
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5274
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5275
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5276
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5277
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5278
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5279
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5280
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5281
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5282
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5283
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5284
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5285
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5286
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5287
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5288
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5289
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5290
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5291
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5292
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5293
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5294
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5295
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5296
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5297
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5298
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5299
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5300
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5301
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5302
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5303
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5304
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5305
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5306
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5307
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5308
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5309
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5310
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5311
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5312
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5313
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5314
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5315
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5316
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5317
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5318
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5319
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5320
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5321
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5322
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5323
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5324
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5325
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5326
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5327
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5328
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5329
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5330
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5331
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5332
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5333
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5334
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5335
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5336
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5337
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5338
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5339
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5340
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5341
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5342
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5343
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5344
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5345
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5346
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5347
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5348
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5349
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5350
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5351
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5352
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5353
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5354
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5355
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5356
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5357
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5358
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5359
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5360
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5361
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5362
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5363
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5364
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5365
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5366
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5367
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5368
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5369
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5370
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5371
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5372
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5373
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5374
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5375
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5376
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5377
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5378
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5379
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5380
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5381
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5382
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5383
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5384
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5385
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5386
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5387
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5388
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5389
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5390
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5391
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5392
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5393
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5394
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5395
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5396
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5397
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5398
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5399
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5400
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5401
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5402
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5403
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5404
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5405
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5406
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5407
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5408
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5409
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5410
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5411
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5412
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5413
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5414
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5415
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5416
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5417
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5418
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5419
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5420
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5421
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5422
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5423
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5424
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5425
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5426
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5427
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5428
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5429
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5430
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5431
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5432
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5433
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5434
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5435
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5436
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5437
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5438
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5439
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5440
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5441
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5442
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5443
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5444
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5445
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5446
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5447
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5448
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5449
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5450
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5451
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5452
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5453
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5454
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5455
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5456
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5457
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5458
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5459
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5460
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5461
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5462
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5463
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5464
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5465
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5466
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5467
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5468
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5469
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5470
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5471
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5472
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5473
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5474
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5475
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5476
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5477
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5478
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5479
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5480
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5481
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5482
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5483
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5484
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5485
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5486
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5487
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5488
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5489
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5490
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5491
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5492
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5493
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5494
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5495
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5496
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5497
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5498
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5499
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5500
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5501
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5502
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5503
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5504
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5505
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5506
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5507
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5508
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5509
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5510
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5511
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5512
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5513
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5514
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5515
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5516
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5517
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5518
          },
          {
            "timestamp": "2026-05-28 21:44:21,463",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5519
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5520
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5521
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5522
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5523
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5524
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5525
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5526
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5527
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5528
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5529
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5530
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5531
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5532
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5533
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5534
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5535
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5536
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5537
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5538
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5539
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5540
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5541
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5542
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5543
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5544
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5545
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5546
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5547
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5548
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5549
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5550
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5551
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5552
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5553
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5554
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5555
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5556
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5557
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5558
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5559
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5560
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5561
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5562
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5563
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5564
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5565
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5566
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5567
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5568
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5569
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5570
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5571
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5572
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5573
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5574
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5575
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5576
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5577
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5578
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5579
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5580
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5581
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5582
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5583
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5584
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5585
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5586
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5587
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5588
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5589
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5590
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5591
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5592
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5593
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5594
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5595
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5596
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5597
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5598
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5599
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5600
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5601
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5602
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5603
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5604
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5605
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5606
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5607
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5608
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5609
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5610
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5611
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5612
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5613
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5614
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5615
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5616
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5617
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5618
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5619
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5620
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5621
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5622
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5623
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5624
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5625
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5626
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5627
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5628
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5629
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5630
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5631
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5632
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5633
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5634
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5635
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5636
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5637
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5638
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5639
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5640
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5641
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5642
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5643
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5644
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5645
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5646
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5647
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5648
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5649
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5650
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5651
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5652
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5653
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5654
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5655
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5656
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5657
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5658
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5659
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5660
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5661
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5662
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5663
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5664
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5665
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5666
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5667
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5668
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5669
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5670
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5671
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5672
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5673
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5674
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5675
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5676
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5677
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5678
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5679
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5680
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5681
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5682
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5683
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5684
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5685
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5686
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5687
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5688
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5689
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5690
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5691
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5692
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5693
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5694
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5695
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5696
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5697
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5698
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5699
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5700
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5701
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5702
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5703
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5704
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5705
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5706
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5707
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5708
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5709
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5710
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5711
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5712
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5713
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5714
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5715
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5716
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5717
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5718
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5719
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5720
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5721
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5722
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5723
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5724
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5725
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5726
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5727
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5728
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5729
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5730
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5731
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5732
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5733
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5734
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5735
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5736
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5737
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5738
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5739
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5740
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5741
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5742
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5743
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5744
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5745
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5746
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5747
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5748
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5749
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5750
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5751
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5752
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5753
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5754
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5755
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5756
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5757
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5758
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5759
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5760
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5761
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5762
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5763
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5764
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5765
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5766
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5767
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5768
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5769
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5770
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5771
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5772
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5773
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5774
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5775
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5776
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5777
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5778
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5779
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5780
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5781
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5782
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5783
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5784
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5785
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5786
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5787
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5788
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5789
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5790
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5791
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5792
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5793
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5794
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5795
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5796
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5797
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5798
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5799
          },
          {
            "timestamp": "2026-05-28 21:44:21,510",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5800
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5801
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5802
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5803
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5804
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5805
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5806
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5807
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5808
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5809
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5810
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5811
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5812
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5813
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5814
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5815
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5816
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5817
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5818
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5819
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5820
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5821
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5822
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5823
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5824
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5825
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5826
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5827
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5828
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5829
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5830
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5831
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5832
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5833
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5834
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5835
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5836
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5837
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5838
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5839
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5840
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5841
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5842
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5843
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5844
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5845
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5846
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5847
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5848
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5849
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5850
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5851
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5852
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5853
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5854
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5855
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5856
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5857
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5858
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5859
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5860
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5861
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5862
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5863
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5864
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5865
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5866
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5867
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5868
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5869
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5870
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5871
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5872
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5873
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5874
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5875
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5876
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5877
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5878
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5879
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5880
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5881
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5882
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5883
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5884
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5885
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5886
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5887
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5888
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5889
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5890
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5891
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5892
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5893
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5894
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5895
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5896
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5897
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5898
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5899
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5900
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5901
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5902
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5903
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5904
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5905
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5906
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5907
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5908
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5909
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5910
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5911
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5912
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5913
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5914
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5915
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5916
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5917
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5918
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5919
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5920
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5921
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5922
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5923
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5924
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5925
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5926
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5927
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5928
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5929
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5930
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5931
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5932
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5933
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5934
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5935
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5936
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5937
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5938
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5939
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5940
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5941
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5942
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5943
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5944
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5945
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5946
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5947
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5948
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5949
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5950
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5951
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5952
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5953
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5954
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5955
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5956
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5957
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5958
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5959
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5960
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5961
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5962
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5963
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5964
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5965
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5966
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5967
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5968
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5969
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5970
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5971
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5972
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5973
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5974
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5975
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5976
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5977
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5978
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5979
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5980
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5981
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5982
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5983
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5984
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5985
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5986
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5987
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5988
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5989
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5990
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5991
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5992
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 5993
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5994
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5995
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 5996
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5997
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5998
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5999
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6000
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6001
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6002
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6003
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6004
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6005
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6006
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6007
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6008
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6009
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6010
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6011
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6012
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6013
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6014
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6015
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6016
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6017
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6018
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6019
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6020
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6021
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6022
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6023
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6024
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6025
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6026
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6027
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6028
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6029
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6030
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6031
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6032
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6033
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6034
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6035
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6036
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6037
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6038
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6039
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6040
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6041
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6042
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6043
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6044
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6045
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6046
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6047
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6048
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6049
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6050
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6051
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6052
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6053
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6054
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6055
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6056
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6057
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6058
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6059
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6060
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6061
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6062
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6063
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6064
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6065
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6066
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6067
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6068
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6069
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6070
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6071
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6072
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6073
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6074
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6075
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6076
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6077
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6078
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6079
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6080
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6081
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6082
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6083
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6084
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6085
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6086
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6087
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6088
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6089
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6090
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6091
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6092
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6093
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6094
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6095
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6096
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6097
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6098
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6099
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6100
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6101
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6102
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6103
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6104
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6105
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6106
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6107
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6108
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6109
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6110
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6111
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6112
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6113
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6114
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6115
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6116
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6117
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6118
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6119
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6120
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6121
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6122
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6123
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6124
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6125
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6126
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6127
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6128
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6129
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6130
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6131
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6132
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6133
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6134
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6135
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6136
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6137
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6138
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6139
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6140
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6141
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6142
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6143
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6144
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6145
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6146
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6147
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6148
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6149
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6150
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6151
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6152
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6153
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6154
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6155
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6156
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6157
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6158
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6159
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6160
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6161
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6162
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6163
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6164
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6165
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6166
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6167
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6168
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6169
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6170
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6171
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6172
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6173
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6174
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6175
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6176
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6177
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6178
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6179
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6180
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6181
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6182
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6183
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6184
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6185
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6186
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6187
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6188
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6189
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6190
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6191
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6192
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6193
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6194
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6195
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6196
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6197
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6198
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6199
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6200
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6201
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6202
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6203
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6204
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6205
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6206
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6207
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6208
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6209
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6210
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6211
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6212
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6213
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6214
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6215
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6216
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6217
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6218
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6219
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6220
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6221
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6222
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6223
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6224
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6225
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6226
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6227
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6228
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6229
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6230
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6231
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6232
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6233
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6234
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6235
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6236
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6237
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6238
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6239
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6240
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6241
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6242
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6243
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6244
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6245
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6246
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6247
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6248
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6249
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6250
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6251
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6252
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6253
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6254
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6255
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6256
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6257
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6258
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6259
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6260
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6261
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6262
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6263
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6264
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6265
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6266
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6267
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6268
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6269
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6270
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6271
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6272
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6273
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6274
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6275
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6276
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6277
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6278
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6279
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6280
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6281
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6282
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6283
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6284
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6285
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6286
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6287
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6288
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6289
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6290
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6291
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6292
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6293
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6294
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6295
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6296
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6297
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6298
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6299
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6300
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6301
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6302
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6303
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6304
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6305
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6306
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6307
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6308
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6309
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6310
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6311
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6312
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6313
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6314
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6315
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6316
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6317
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6318
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6319
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6320
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6321
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6322
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6323
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6324
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6325
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6326
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6327
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6328
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6329
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6330
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6331
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6332
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6333
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6334
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6335
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6336
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6337
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6338
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6339
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6340
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6341
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6342
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6343
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6344
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6345
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6346
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6347
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6348
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6349
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6350
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6351
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6352
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6353
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6354
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6355
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6356
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6357
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6358
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6359
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6360
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6361
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6362
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6363
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6364
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6365
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6366
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6367
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6368
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6369
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6370
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6371
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6372
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6373
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6374
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6375
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6376
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6377
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6378
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6379
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6380
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6381
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6382
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6383
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6384
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6385
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6386
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6387
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6388
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6389
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6390
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6391
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6392
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6393
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6394
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6395
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6396
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6397
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6398
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6399
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6400
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6401
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6402
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6403
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6404
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6405
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6406
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6407
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6408
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6409
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6410
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6411
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6412
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6413
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6414
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6415
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6416
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6417
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6418
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6419
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6420
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6421
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6422
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6423
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6424
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6425
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6426
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6427
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6428
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6429
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6430
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6431
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6432
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6433
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6434
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6435
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6436
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6437
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6438
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6439
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6440
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6441
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6442
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6443
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6444
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6445
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6446
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6447
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6448
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6449
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6450
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6451
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6452
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6453
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6454
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6455
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6456
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6457
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6458
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6459
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6460
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6461
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6462
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6463
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6464
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6465
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6466
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6467
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6468
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6469
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6470
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6471
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6472
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6473
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6474
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6475
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6476
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6477
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6478
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6479
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6480
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6481
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6482
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6483
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6484
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6485
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6486
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6487
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6488
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6489
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6490
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6491
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6492
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6493
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6494
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6495
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6496
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6497
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6498
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6499
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6500
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6501
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6502
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6503
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6504
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6505
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6506
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6507
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6508
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6509
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6510
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6511
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6512
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6513
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6514
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6515
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6516
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6517
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6518
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6519
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6520
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6521
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6522
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6523
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6524
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6525
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6526
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6527
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6528
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6529
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6530
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6531
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6532
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6533
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6534
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6535
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6536
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6537
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6538
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6539
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6540
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6541
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6542
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6543
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6544
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6545
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6546
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6547
          },
          {
            "timestamp": "2026-05-28 21:44:21,525",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6548
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6549
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6550
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6551
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6552
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6553
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6554
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6555
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6556
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6557
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6558
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6559
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6560
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData\\Local\\IconCache.db"
              },
              {
                "name": "Buffer",
                "value": "r\\x00o\\x00a\\x00m\\x00i\\x00n\\x00g\\x00\\\\x00m\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00\\\\x00i\\x00n\\x00t\\x00e\\x00r\\x00n\\x00e\\x00t\\x00 \\x00e\\x00x\\x00p\\x00l\\x00o\\x00r\\x00e\\x00r\\x00\\\\x00q\\x00u\\x00i\\x00c\\x00k\\x00 \\x00l\\x00a\\x00u\\x00n\\x00c\\x00h\\x00\\\\x00u\\x00s\\x00e\\x00r\\x00 \\x00p\\x00i\\x00n\\x00n\\x00e\\x00d\\x00\\\\x00t\\x00a\\x00s\\x00k\\x00b\\x00a\\x00r\\x00\\\\x00m\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00e\\x00d\\x00g\\x00e\\x00.\\x00l\\x00n\\x00k\\x00\\x86U\\x11\\x08\\x00\\x00\\x00\\x80\\xff\\xff\\xff\\xffm\\x00c\\x00:\\x00\\\\x00u\\x00s\\x00e\\x00r\\x00s\\x00\\\\x00a\\x00d\\x00m\\x00i\\x00n\\x00\\\\x00a\\x00p\\x00p\\x00d\\x00a\\x00t\\x00a\\x00\\\\x00r\\x00o\\x00a\\x00m\\x00i\\x00n\\x00g\\x00\\\\x00m\\x00i\\x00c\\x00"
              },
              {
                "name": "Length",
                "value": "4096"
              }
            ],
            "repeated": 0,
            "id": 6561
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6562
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6563
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6564
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6565
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6566
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6567
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6568
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6569
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6570
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6571
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6572
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6573
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6574
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6575
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6576
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6577
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6578
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6579
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6580
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6581
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6582
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6583
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6584
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6585
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6586
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6587
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6588
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6589
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6590
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6591
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6592
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6593
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6594
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6595
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6596
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6597
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6598
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6599
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6600
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6601
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6602
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6603
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6604
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6605
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6606
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6607
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6608
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6609
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6610
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6611
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6612
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6613
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6614
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6615
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6616
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6617
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6618
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6619
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6620
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6621
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6622
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6623
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6624
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6625
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6626
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6627
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6628
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6629
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6630
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6631
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6632
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6633
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6634
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6635
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6636
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6637
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6638
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6639
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6640
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6641
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6642
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6643
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6644
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6645
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6646
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6647
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6648
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6649
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6650
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6651
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6652
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6653
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6654
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6655
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6656
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6657
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6658
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6659
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6660
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6661
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6662
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6663
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6664
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6665
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6666
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6667
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6668
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6669
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6670
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6671
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6672
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6673
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6674
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6675
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6676
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6677
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6678
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6679
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6680
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6681
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6682
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6683
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6684
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6685
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6686
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6687
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6688
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6689
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6690
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6691
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6692
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6693
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6694
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6695
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6696
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6697
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6698
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6699
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6700
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6701
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6702
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6703
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6704
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6705
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6706
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6707
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6708
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6709
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6710
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6711
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6712
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6713
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6714
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6715
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6716
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6717
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6718
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6719
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6720
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6721
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6722
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6723
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6724
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6725
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6726
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6727
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6728
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6729
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6730
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6731
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6732
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6733
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6734
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6735
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6736
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6737
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6738
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6739
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6740
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6741
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6742
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6743
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6744
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6745
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6746
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6747
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6748
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6749
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6750
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6751
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6752
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6753
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6754
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6755
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6756
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6757
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6758
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6759
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6760
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6761
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6762
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6763
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6764
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6765
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6766
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6767
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6768
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6769
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6770
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6771
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6772
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6773
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6774
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6775
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6776
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6777
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6778
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6779
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6780
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6781
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6782
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6783
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6784
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6785
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6786
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6787
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6788
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6789
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6790
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6791
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6792
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6793
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6794
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6795
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6796
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6797
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6798
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6799
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6800
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6801
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6802
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6803
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6804
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6805
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6806
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6807
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6808
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6809
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6810
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6811
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6812
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6813
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6814
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6815
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6816
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6817
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6818
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6819
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6820
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6821
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6822
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6823
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6824
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6825
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6826
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6827
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6828
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6829
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6830
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6831
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6832
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6833
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6834
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6835
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6836
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6837
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6838
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6839
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6840
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6841
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6842
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6843
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6844
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6845
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6846
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6847
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6848
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6849
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6850
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6851
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6852
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6853
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6854
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6855
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6856
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6857
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6858
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6859
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6860
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6861
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6862
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6863
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6864
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6865
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6866
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6867
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6868
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6869
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6870
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6871
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6872
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6873
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6874
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6875
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6876
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6877
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6878
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6879
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6880
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6881
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6882
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6883
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6884
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6885
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6886
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6887
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6888
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6889
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6890
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6891
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6892
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6893
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6894
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6895
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6896
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6897
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6898
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6899
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6900
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6901
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6902
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6903
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6904
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6905
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6906
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6907
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6908
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6909
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6910
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6911
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6912
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6913
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6914
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6915
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6916
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6917
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6918
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6919
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6920
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6921
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6922
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6923
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6924
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6925
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6926
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6927
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6928
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6929
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6930
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6931
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6932
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6933
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6934
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6935
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6936
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6937
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6938
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6939
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6940
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6941
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6942
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6943
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6944
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6945
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6946
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6947
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6948
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6949
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6950
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6951
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6952
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6953
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6954
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6955
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6956
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6957
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6958
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6959
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6960
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6961
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6962
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6963
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6964
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6965
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6966
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6967
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6968
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6969
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6970
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6971
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6972
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6973
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6974
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6975
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6976
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6977
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6978
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6979
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6980
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6981
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6982
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6983
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6984
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6985
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6986
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6987
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6988
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6989
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6990
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6991
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6992
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6993
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6994
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 6995
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6996
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6997
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 6998
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6999
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7000
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7001
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7002
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7003
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7004
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7005
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7006
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7007
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7008
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7009
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7010
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7011
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7012
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7013
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7014
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7015
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7016
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7017
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7018
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7019
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7020
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7021
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7022
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7023
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7024
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7025
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7026
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7027
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7028
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7029
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7030
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7031
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7032
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7033
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7034
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7035
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7036
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7037
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7038
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7039
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7040
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7041
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7042
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7043
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7044
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7045
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7046
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7047
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7048
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7049
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7050
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7051
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7052
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7053
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7054
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7055
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7056
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7057
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7058
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7059
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7060
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7061
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7062
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7063
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7064
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7065
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7066
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7067
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7068
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7069
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7070
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7071
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7072
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7073
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7074
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7075
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7076
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7077
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7078
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7079
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7080
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7081
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7082
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7083
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7084
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7085
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7086
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7087
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7088
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7089
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7090
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7091
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7092
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7093
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7094
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7095
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7096
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7097
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7098
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7099
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7100
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7101
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7102
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7103
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7104
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7105
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7106
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7107
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7108
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7109
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7110
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7111
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7112
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7113
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7114
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7115
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7116
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7117
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7118
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7119
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7120
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7121
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7122
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7123
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7124
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7125
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7126
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7127
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7128
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7129
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7130
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7131
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7132
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7133
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7134
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7135
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7136
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7137
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7138
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7139
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7140
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7141
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7142
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7143
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7144
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7145
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7146
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7147
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7148
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7149
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7150
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7151
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7152
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7153
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7154
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7155
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7156
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7157
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7158
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7159
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7160
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7161
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7162
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7163
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7164
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7165
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7166
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7167
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7168
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7169
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7170
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7171
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7172
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7173
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7174
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7175
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7176
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7177
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7178
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7179
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7180
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7181
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7182
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7183
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7184
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7185
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7186
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7187
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7188
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7189
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7190
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7191
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7192
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7193
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7194
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7195
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7196
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7197
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7198
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7199
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7200
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7201
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7202
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7203
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7204
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7205
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7206
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7207
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7208
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7209
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7210
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7211
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7212
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7213
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7214
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7215
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7216
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7217
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7218
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7219
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7220
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7221
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7222
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7223
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7224
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7225
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7226
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7227
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7228
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7229
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7230
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7231
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7232
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7233
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7234
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7235
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7236
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7237
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7238
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7239
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7240
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7241
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7242
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7243
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7244
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7245
          },
          {
            "timestamp": "2026-05-28 21:44:21,541",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7246
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7247
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7248
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7249
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7250
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7251
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7252
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7253
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7254
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7255
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7256
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7257
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7258
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7259
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7260
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7261
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7262
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7263
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7264
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7265
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7266
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7267
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7268
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7269
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7270
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7271
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7272
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7273
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7274
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7275
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7276
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7277
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7278
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7279
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7280
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7281
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7282
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7283
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7284
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7285
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7286
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7287
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7288
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7289
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7290
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7291
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7292
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7293
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7294
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7295
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7296
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7297
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7298
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7299
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7300
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7301
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7302
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7303
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7304
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7305
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7306
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7307
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7308
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7309
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7310
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7311
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7312
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7313
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7314
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7315
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7316
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7317
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7318
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7319
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7320
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7321
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7322
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7323
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7324
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7325
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7326
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7327
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7328
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7329
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7330
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7331
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7332
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7333
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7334
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7335
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7336
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7337
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7338
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7339
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7340
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7341
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7342
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7343
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7344
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7345
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData\\Local\\IconCache.db"
              },
              {
                "name": "Buffer",
                "value": "r\\x00e\\x00s\\x00.\\x00d\\x00l\\x00l\\x00K\\xeb\\xff\\xff\\x00\\x00\\x06\\x00F\\x00\\x00\\x00\\x0c\\x00i\\x00m\\x00a\\x00g\\x00e\\x00r\\x00e\\x00s\\x00.\\x00d\\x00l\\x00l\\x00I\\xeb\\xff\\xff\\x00\\x00\\x06\\x00G\\x00\\x00\\x00\\x0c\\x00i\\x00m\\x00a\\x00g\\x00e\\x00r\\x00e\\x00s\\x00.\\x00d\\x00l\\x00l\\x00H\\xeb\\xff\\xff\\x00\\x00\\x06\\x00H\\x00\\x00\\x00\\x0c\\x00i\\x00m\\x00a\\x00g\\x00e\\x00r\\x00e\\x00s\\x00.\\x00d\\x00l\\x00l\\x00E\\xeb\\xff\\xff\\x00\\x00\\x06\\x00I\\x00\\x00\\x00\\x0c\\x00i\\x00m\\x00a\\x00g\\x00e\\x00r\\x00e\\x00s\\x00.\\x00d\\x00l\\x00l\\x00$\\xeb\\xff\\xff\\x00\\x00\\x06\\x00J\\x00\\x00\\x00\\x0c\\x00i\\x00m\\x00a\\x00g\\x00e\\x00r\\x00e\\x00s\\x00.\\x00d\\x00l\\x00l\\x00F\\xeb\\xff\\xff\\x00\\x00\\x06\\x00K\\x00\\x00\\x00\\x0c\\x00i\\x00m\\x00a\\x00g\\x00e\\x00r\\x00e\\x00s\\x00.\\x00d\\x00l\\x00l\\x00\\x17\\xeb\\xff\\xff\\x00\\x00\\x06\\x00L\\x00\\x00\\x00\\x0c\\x00"
              },
              {
                "name": "Length",
                "value": "4084"
              }
            ],
            "repeated": 0,
            "id": 7346
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7347
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7348
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7349
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7350
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7351
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7352
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7353
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7354
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7355
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7356
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7357
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7358
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7359
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7360
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7361
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7362
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7363
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7364
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7365
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7366
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7367
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7368
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7369
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7370
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7371
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7372
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7373
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7374
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7375
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7376
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7377
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7378
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7379
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7380
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7381
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7382
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7383
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7384
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7385
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7386
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7387
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7388
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7389
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7390
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7391
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7392
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7393
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7394
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7395
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7396
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7397
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7398
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7399
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7400
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7401
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7402
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7403
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7404
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7405
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7406
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7407
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7408
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7409
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7410
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7411
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7412
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7413
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7414
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7415
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7416
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7417
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7418
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7419
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7420
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7421
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7422
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7423
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7424
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7425
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7426
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7427
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7428
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7429
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7430
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7431
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7432
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7433
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7434
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7435
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7436
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7437
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7438
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7439
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7440
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7441
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7442
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7443
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7444
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7445
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7446
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7447
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7448
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7449
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7450
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7451
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7452
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7453
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7454
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7455
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7456
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7457
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7458
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7459
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7460
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7461
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7462
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7463
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7464
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7465
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7466
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7467
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7468
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7469
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7470
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7471
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7472
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7473
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7474
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7475
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7476
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7477
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7478
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7479
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7480
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7481
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7482
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7483
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7484
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7485
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7486
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7487
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7488
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7489
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7490
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7491
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7492
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7493
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7494
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7495
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7496
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7497
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7498
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7499
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7500
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7501
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7502
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7503
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7504
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7505
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7506
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7507
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7508
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7509
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7510
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7511
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7512
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7513
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7514
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7515
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7516
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7517
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7518
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7519
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7520
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7521
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7522
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7523
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7524
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7525
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7526
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7527
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7528
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7529
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7530
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7531
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7532
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7533
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7534
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7535
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7536
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7537
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7538
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7539
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7540
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7541
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7542
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7543
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7544
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7545
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7546
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7547
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7548
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7549
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7550
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7551
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7552
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7553
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7554
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7555
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7556
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7557
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7558
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7559
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7560
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7561
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7562
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7563
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7564
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7565
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7566
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7567
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7568
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7569
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7570
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7571
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7572
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7573
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7574
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7575
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7576
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7577
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7578
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7579
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7580
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7581
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7582
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7583
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7584
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7585
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7586
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7587
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7588
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7589
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7590
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7591
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7592
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7593
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7594
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7595
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7596
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7597
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7598
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7599
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7600
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7601
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7602
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7603
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7604
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7605
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7606
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7607
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7608
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7609
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7610
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7611
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7612
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7613
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7614
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7615
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7616
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7617
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7618
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7619
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7620
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7621
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7622
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7623
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7624
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7625
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7626
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7627
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7628
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7629
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7630
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7631
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7632
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7633
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7634
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7635
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7636
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7637
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7638
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7639
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7640
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7641
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7642
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7643
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7644
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7645
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7646
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7647
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7648
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7649
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7650
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7651
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7652
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7653
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7654
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7655
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7656
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7657
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7658
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7659
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7660
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7661
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7662
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7663
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7664
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7665
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7666
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7667
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7668
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7669
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7670
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7671
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7672
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7673
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7674
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7675
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7676
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7677
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7678
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7679
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7680
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7681
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7682
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7683
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7684
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7685
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7686
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7687
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7688
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7689
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7690
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7691
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7692
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7693
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7694
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7695
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7696
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7697
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7698
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7699
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7700
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7701
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7702
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7703
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7704
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7705
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7706
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7707
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7708
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7709
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7710
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7711
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7712
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7713
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7714
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7715
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7716
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7717
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7718
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7719
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7720
          },
          {
            "timestamp": "2026-05-28 21:44:21,557",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7721
          },
          {
            "timestamp": "2026-05-28 21:44:21,604",
            "thread_id": "12440",
            "caller": "0x7ff7299e3c77",
            "parentcaller": "0x7ff7299e3c07",
            "category": "system",
            "api": "CreateTimerQueueTimer",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "phNewTimer",
                "value": "0x267937baad0"
              },
              {
                "name": "TimerQueue",
                "value": "0x00000000"
              },
              {
                "name": "Callback",
                "value": "0x29a44c70"
              },
              {
                "name": "Parameter",
                "value": "0x1967fd30"
              },
              {
                "name": "DueTime",
                "value": "2000"
              },
              {
                "name": "Period",
                "value": "1000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7722
          },
          {
            "timestamp": "2026-05-28 21:44:21,604",
            "thread_id": "12440",
            "caller": "0x7ff7299e3932",
            "parentcaller": "0x7ff729a0e0ed",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7723
          },
          {
            "timestamp": "2026-05-28 21:44:21,604",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7724
          },
          {
            "timestamp": "2026-05-28 21:44:21,604",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7725
          },
          {
            "timestamp": "2026-05-28 21:44:21,604",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7726
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7727
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7728
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7729
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7730
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7731
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7732
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7733
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7734
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7735
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7736
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7737
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7738
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7739
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7740
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7741
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7742
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7743
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7744
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7745
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7746
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7747
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7748
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7749
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7750
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7751
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7752
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7753
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7754
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7755
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7756
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7757
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7758
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7759
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7760
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7761
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7762
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7763
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7764
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7765
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7766
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7767
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7768
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7769
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7770
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7771
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7772
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7773
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7774
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7775
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7776
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7777
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7778
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7779
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7780
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7781
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7782
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7783
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7784
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7785
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7786
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7787
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7788
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7789
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7790
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7791
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7792
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7793
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7794
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7795
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7796
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7797
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7798
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7799
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7800
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7801
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7802
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7803
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7804
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7805
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7806
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7807
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7808
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7809
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7810
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7811
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7812
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7813
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7814
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7815
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7816
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7817
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7818
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7819
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7820
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7821
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7822
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7823
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7824
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7825
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7826
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7827
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7828
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7829
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7830
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7831
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7832
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7833
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7834
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7835
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7836
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7837
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7838
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7839
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7840
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7841
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7842
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7843
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7844
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7845
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7846
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7847
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7848
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7849
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7850
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7851
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7852
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7853
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7854
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7855
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7856
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7857
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7858
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7859
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7860
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7861
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7862
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7863
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7864
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7865
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7866
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7867
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7868
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7869
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7870
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7871
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7872
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7873
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7874
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7875
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7876
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7877
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7878
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7879
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7880
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7881
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7882
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7883
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7884
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7885
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7886
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7887
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7888
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7889
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7890
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7891
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7892
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7893
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7894
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7895
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7896
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7897
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7898
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7899
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7900
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7901
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7902
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7903
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7904
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7905
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7906
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7907
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7908
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7909
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7910
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7911
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7912
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7913
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7914
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7915
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7916
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7917
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7918
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7919
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7920
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7921
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7922
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7923
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7924
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7925
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7926
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7927
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7928
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7929
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7930
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7931
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7932
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7933
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7934
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7935
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7936
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7937
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7938
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7939
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7940
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7941
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7942
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7943
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7944
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7945
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7946
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7947
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7948
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7949
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7950
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7951
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7952
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7953
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7954
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7955
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7956
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7957
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7958
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7959
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7960
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7961
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7962
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7963
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7964
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7965
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7966
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7967
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7968
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7969
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7970
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7971
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7972
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7973
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7974
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7975
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7976
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7977
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7978
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7979
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7980
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7981
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7982
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7983
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7984
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7985
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7986
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7987
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7988
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7989
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7990
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7991
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7992
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7993
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7994
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 7995
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7996
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7997
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7998
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7999
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8000
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8001
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 8002
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8003
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8004
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8005
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 8006
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8007
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8008
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 8009
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8010
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8011
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8012
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 8013
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8014
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8015
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 8016
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8017
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8018
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8019
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 8020
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8021
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8022
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 8023
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8024
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8025
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8026
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 8027
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8028
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8029
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 8030
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8031
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8032
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8033
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 8034
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8035
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8036
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 8037
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8038
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8039
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8040
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 8041
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8042
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8043
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 8044
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8045
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8046
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8047
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 8048
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8049
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8050
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 8051
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8052
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8053
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8054
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 8055
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8056
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8057
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 8058
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8059
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8060
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8061
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 8062
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8063
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8064
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 8065
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8066
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8067
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8068
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 8069
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8070
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8071
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 8072
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8073
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8074
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8075
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 8076
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8077
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8078
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 8079
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8080
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8081
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8082
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 8083
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8084
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8085
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 8086
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8087
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8088
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8089
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 8090
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8091
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8092
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 8093
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8094
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8095
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8096
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 8097
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8098
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8099
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 8100
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8101
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8102
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8103
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 8104
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8105
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8106
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 8107
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8108
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8109
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8110
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 8111
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8112
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8113
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 8114
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8115
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8116
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8117
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 8118
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8119
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8120
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 8121
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8122
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8123
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8124
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 8125
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8126
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8127
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 8128
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8129
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8130
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8131
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 8132
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8133
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8134
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 8135
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8136
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8137
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8138
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 8139
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8140
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8141
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 8142
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8143
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8144
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8145
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 8146
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8147
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8148
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 8149
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8150
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8151
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8152
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 8153
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8154
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8155
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 8156
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8157
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8158
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8159
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 8160
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8161
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8162
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 8163
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8164
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8165
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8166
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 8167
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8168
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8169
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 8170
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8171
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8172
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8173
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 8174
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8175
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8176
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 8177
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8178
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8179
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8180
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 8181
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8182
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8183
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 8184
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8185
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8186
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8187
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 8188
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8189
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8190
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 8191
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8192
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8193
          },
          {
            "timestamp": "2026-05-28 21:44:21,619",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8194
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 8195
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8196
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8197
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 8198
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8199
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8200
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8201
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 8202
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8203
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8204
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 8205
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8206
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8207
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8208
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 8209
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8210
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8211
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 8212
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8213
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8214
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8215
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 8216
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8217
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8218
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 8219
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8220
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8221
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8222
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 8223
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8224
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8225
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 8226
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8227
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8228
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8229
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 8230
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8231
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8232
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 8233
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8234
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8235
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8236
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 8237
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8238
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8239
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 8240
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8241
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8242
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8243
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 8244
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8245
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8246
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 8247
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8248
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8249
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8250
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 8251
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8252
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8253
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 8254
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8255
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8256
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8257
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 8258
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8259
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8260
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 8261
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8262
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8263
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8264
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 8265
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8266
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8267
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 8268
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8269
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8270
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8271
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 8272
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8273
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8274
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 8275
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8276
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8277
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8278
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 8279
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8280
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8281
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 1,
            "id": 8282
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8283
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              }
            ],
            "repeated": 0,
            "id": 8284
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 8285
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 8286
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Icons"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Icons"
              }
            ],
            "repeated": 3,
            "id": 8287
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2bf66000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8288
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2bf66000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8289
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8290
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8291
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 8292
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "ValueName",
                "value": "GlobalAssocChangedCounter"
              },
              {
                "name": "Data",
                "value": "8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\GlobalAssocChangedCounter"
              }
            ],
            "repeated": 0,
            "id": 8293
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 8294
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8295
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000027c"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8296
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000027c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 8297
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "ValueName",
                "value": "GlobalAssocChangedCounter"
              },
              {
                "name": "Data",
                "value": "5"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\GlobalAssocChangedCounter"
              }
            ],
            "repeated": 0,
            "id": 8298
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ebac",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 8299
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2bf66000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8300
          },
          {
            "timestamp": "2026-05-28 21:44:21,635",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2bf66000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8301
          },
          {
            "timestamp": "2026-05-28 21:44:21,822",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a11210",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\samcli"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc213d0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffc213d51e0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8302
          },
          {
            "timestamp": "2026-05-28 21:44:21,822",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a11210",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff729b0c000"
              },
              {
                "name": "ModuleName",
                "value": "taskmgr.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8303
          },
          {
            "timestamp": "2026-05-28 21:44:21,822",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a11210",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff729b0c000"
              },
              {
                "name": "ModuleName",
                "value": "taskmgr.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8304
          },
          {
            "timestamp": "2026-05-28 21:44:21,822",
            "thread_id": "10832",
            "caller": "0x7ff7299e714e",
            "parentcaller": "0x7ff7299e6b0a",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 8305
          },
          {
            "timestamp": "2026-05-28 21:44:21,822",
            "thread_id": "10832",
            "caller": "0x7ff7299e714e",
            "parentcaller": "0x7ff7299e6b0a",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "SAMLIB.dll"
              }
            ],
            "repeated": 0,
            "id": 8306
          },
          {
            "timestamp": "2026-05-28 21:44:21,822",
            "thread_id": "10832",
            "caller": "0x7ff7299e714e",
            "parentcaller": "0x7ff7299e6b0a",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\samlib.dll"
              }
            ],
            "repeated": 0,
            "id": 8307
          },
          {
            "timestamp": "2026-05-28 21:44:21,822",
            "thread_id": "10832",
            "caller": "0x7ff7299e714e",
            "parentcaller": "0x7ff7299e6b0a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000580"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\samlib.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 8308
          },
          {
            "timestamp": "2026-05-28 21:44:21,822",
            "thread_id": "10832",
            "caller": "0x7ff7299e714e",
            "parentcaller": "0x7ff7299e6b0a",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000580"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\samlib.dll"
              }
            ],
            "repeated": 0,
            "id": 8309
          },
          {
            "timestamp": "2026-05-28 21:44:21,822",
            "thread_id": "10832",
            "caller": "0x7ff7299e714e",
            "parentcaller": "0x7ff7299e6b0a",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27430000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00028000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8310
          },
          {
            "timestamp": "2026-05-28 21:44:21,822",
            "thread_id": "10832",
            "caller": "0x7ff7299e714e",
            "parentcaller": "0x7ff7299e6b0a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27455000"
              },
              {
                "name": "ModuleName",
                "value": "SAMLIB.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8311
          },
          {
            "timestamp": "2026-05-28 21:44:21,822",
            "thread_id": "10832",
            "caller": "0x7ff7299e714e",
            "parentcaller": "0x7ff7299e6b0a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2744a000"
              },
              {
                "name": "ModuleName",
                "value": "SAMLIB.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8312
          },
          {
            "timestamp": "2026-05-28 21:44:21,822",
            "thread_id": "10832",
            "caller": "0x7ff7299e714e",
            "parentcaller": "0x7ff7299e6b0a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2744a000"
              },
              {
                "name": "ModuleName",
                "value": "SAMLIB.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8313
          },
          {
            "timestamp": "2026-05-28 21:44:21,822",
            "thread_id": "10832",
            "caller": "0x7ff7299e714e",
            "parentcaller": "0x7ff7299e6b0a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2744a000"
              },
              {
                "name": "ModuleName",
                "value": "SAMLIB.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8314
          },
          {
            "timestamp": "2026-05-28 21:44:21,822",
            "thread_id": "10832",
            "caller": "0x7ff7299e714e",
            "parentcaller": "0x7ff7299e6b0a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2744a000"
              },
              {
                "name": "ModuleName",
                "value": "SAMLIB.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8315
          },
          {
            "timestamp": "2026-05-28 21:44:21,822",
            "thread_id": "10832",
            "caller": "0x7ff7299e714e",
            "parentcaller": "0x7ff7299e6b0a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2744a000"
              },
              {
                "name": "ModuleName",
                "value": "SAMLIB.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8316
          },
          {
            "timestamp": "2026-05-28 21:44:21,822",
            "thread_id": "10832",
            "caller": "0x7ff7299e714e",
            "parentcaller": "0x7ff7299e6b0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              }
            ],
            "repeated": 0,
            "id": 8317
          },
          {
            "timestamp": "2026-05-28 21:44:21,822",
            "thread_id": "10832",
            "caller": "0x7ff7299e714e",
            "parentcaller": "0x7ff7299e6b0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 8318
          },
          {
            "timestamp": "2026-05-28 21:44:21,822",
            "thread_id": "10832",
            "caller": "0x7ff7299e714e",
            "parentcaller": "0x7ff7299e6b0a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2744a000"
              },
              {
                "name": "ModuleName",
                "value": "SAMLIB.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8319
          },
          {
            "timestamp": "2026-05-28 21:44:21,822",
            "thread_id": "10832",
            "caller": "0x7ff7299e714e",
            "parentcaller": "0x7ff7299e6b0a",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\SAMLIB"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc27430000"
              }
            ],
            "repeated": 0,
            "id": 8320
          },
          {
            "timestamp": "2026-05-28 21:44:21,838",
            "thread_id": "3380",
            "caller": "0x7ffc2d14eb32",
            "parentcaller": "0x7ffc2d1077c3",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000038"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8321
          },
          {
            "timestamp": "2026-05-28 21:44:22,291",
            "thread_id": "13188",
            "caller": "0x7ff7299e3b91",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8322
          },
          {
            "timestamp": "2026-05-28 21:44:22,291",
            "thread_id": "13188",
            "caller": "0x7ff7299e3b91",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000410"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8323
          },
          {
            "timestamp": "2026-05-28 21:44:22,291",
            "thread_id": "12948",
            "caller": "0x7ffc2b480e98",
            "parentcaller": "0x7ffc2b4fb785",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00010524"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 8324
          },
          {
            "timestamp": "2026-05-28 21:44:22,291",
            "thread_id": "10832",
            "caller": "0x7ff7299e714e",
            "parentcaller": "0x7ff7299e6b0a",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\samlib"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27430000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffc27433de0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8325
          },
          {
            "timestamp": "2026-05-28 21:44:22,291",
            "thread_id": "10832",
            "caller": "0x7ff7299e714e",
            "parentcaller": "0x7ff7299e6b0a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc213e6000"
              },
              {
                "name": "ModuleName",
                "value": "samcli.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8326
          },
          {
            "timestamp": "2026-05-28 21:44:22,291",
            "thread_id": "10832",
            "caller": "0x7ff7299e714e",
            "parentcaller": "0x7ff7299e6b0a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc213e6000"
              },
              {
                "name": "ModuleName",
                "value": "samcli.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8327
          },
          {
            "timestamp": "2026-05-28 21:44:22,291",
            "thread_id": "10832",
            "caller": "0x7ff7299e714e",
            "parentcaller": "0x7ff7299e6b0a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27455000"
              },
              {
                "name": "ModuleName",
                "value": "SAMLIB.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8328
          },
          {
            "timestamp": "2026-05-28 21:44:22,291",
            "thread_id": "10832",
            "caller": "0x7ff7299e714e",
            "parentcaller": "0x7ff7299e6b0a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27455000"
              },
              {
                "name": "ModuleName",
                "value": "SAMLIB.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8329
          },
          {
            "timestamp": "2026-05-28 21:44:22,291",
            "thread_id": "10832",
            "caller": "0x7ff7299e714e",
            "parentcaller": "0x7ff7299e6b0a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8330
          },
          {
            "timestamp": "2026-05-28 21:44:22,291",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a1129b",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 8331
          },
          {
            "timestamp": "2026-05-28 21:44:22,291",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a1129b",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "netutils.dll"
              }
            ],
            "repeated": 0,
            "id": 8332
          },
          {
            "timestamp": "2026-05-28 21:44:22,291",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a1129b",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\netutils.dll"
              }
            ],
            "repeated": 0,
            "id": 8333
          },
          {
            "timestamp": "2026-05-28 21:44:22,291",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a1129b",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\netutils.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 8334
          },
          {
            "timestamp": "2026-05-28 21:44:22,291",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a1129b",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000005c4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\netutils.dll"
              }
            ],
            "repeated": 0,
            "id": 8335
          },
          {
            "timestamp": "2026-05-28 21:44:22,291",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a1129b",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29ca0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0000c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8336
          },
          {
            "timestamp": "2026-05-28 21:44:22,291",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a1129b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29ca6000"
              },
              {
                "name": "ModuleName",
                "value": "netutils.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8337
          },
          {
            "timestamp": "2026-05-28 21:44:22,291",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a1129b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29ca6000"
              },
              {
                "name": "ModuleName",
                "value": "netutils.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8338
          },
          {
            "timestamp": "2026-05-28 21:44:22,291",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a1129b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29ca6000"
              },
              {
                "name": "ModuleName",
                "value": "netutils.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8339
          },
          {
            "timestamp": "2026-05-28 21:44:22,291",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a1129b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29ca6000"
              },
              {
                "name": "ModuleName",
                "value": "netutils.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8340
          },
          {
            "timestamp": "2026-05-28 21:44:22,291",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a1129b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29ca6000"
              },
              {
                "name": "ModuleName",
                "value": "netutils.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8341
          },
          {
            "timestamp": "2026-05-28 21:44:22,291",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a1129b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              }
            ],
            "repeated": 0,
            "id": 8342
          },
          {
            "timestamp": "2026-05-28 21:44:22,291",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a1129b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c4"
              }
            ],
            "repeated": 0,
            "id": 8343
          },
          {
            "timestamp": "2026-05-28 21:44:22,291",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a1129b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29ca6000"
              },
              {
                "name": "ModuleName",
                "value": "netutils.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8344
          },
          {
            "timestamp": "2026-05-28 21:44:22,291",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a1129b",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\netutils"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc29ca0000"
              }
            ],
            "repeated": 0,
            "id": 8345
          },
          {
            "timestamp": "2026-05-28 21:44:22,291",
            "thread_id": "11620",
            "caller": "0x7ffc2d14eb32",
            "parentcaller": "0x7ffc2d1077c3",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000038"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8346
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a1129b",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\netutils"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29ca0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffc29ca1ce0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8347
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a1129b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff729b0c000"
              },
              {
                "name": "ModuleName",
                "value": "taskmgr.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8348
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a1129b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff729b0c000"
              },
              {
                "name": "ModuleName",
                "value": "taskmgr.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8349
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e702a",
            "parentcaller": "0x7ff7299e6b22",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005c4"
              }
            ],
            "repeated": 0,
            "id": 8350
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e702a",
            "parentcaller": "0x7ff7299e6b22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "12"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8351
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e702a",
            "parentcaller": "0x7ff7299e6b22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c4"
              }
            ],
            "repeated": 0,
            "id": 8352
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e702a",
            "parentcaller": "0x7ff7299e6b22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8353
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e702a",
            "parentcaller": "0x7ff7299e6b22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 8354
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e702a",
            "parentcaller": "0x7ff7299e6b22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8355
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e702a",
            "parentcaller": "0x7ff7299e6b22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 8356
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e702a",
            "parentcaller": "0x7ff7299e6b22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8357
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e702a",
            "parentcaller": "0x7ff7299e6b22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 8358
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e702a",
            "parentcaller": "0x7ff7299e6b22",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8359
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e702a",
            "parentcaller": "0x7ff7299e6b22",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 8360
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e6f26",
            "parentcaller": "0x7ff7299e6b30",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005c4"
              }
            ],
            "repeated": 0,
            "id": 8361
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e6f26",
            "parentcaller": "0x7ff7299e6b30",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "12"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8362
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e6f26",
            "parentcaller": "0x7ff7299e6b30",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c4"
              }
            ],
            "repeated": 0,
            "id": 8363
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e6f26",
            "parentcaller": "0x7ff7299e6b30",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8364
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e6f26",
            "parentcaller": "0x7ff7299e6b30",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8365
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e6f26",
            "parentcaller": "0x7ff7299e6b30",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 8366
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e6f26",
            "parentcaller": "0x7ff7299e6b30",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8367
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e6f26",
            "parentcaller": "0x7ff7299e6b30",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 8368
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e6f26",
            "parentcaller": "0x7ff7299e6b30",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8369
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e6f26",
            "parentcaller": "0x7ff7299e6b30",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 8370
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e6f26",
            "parentcaller": "0x7ff7299e6b30",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8371
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e6f26",
            "parentcaller": "0x7ff7299e6b30",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 8372
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e6f26",
            "parentcaller": "0x7ff7299e6b30",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8373
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e6f26",
            "parentcaller": "0x7ff7299e6b30",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005c4"
              }
            ],
            "repeated": 0,
            "id": 8374
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e6f26",
            "parentcaller": "0x7ff7299e6b30",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "12"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8375
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e6f26",
            "parentcaller": "0x7ff7299e6b30",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c4"
              }
            ],
            "repeated": 0,
            "id": 8376
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e6dc5",
            "parentcaller": "0x7ff7299e6b3b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1e531000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.UI.Immersive.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8377
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e6dc5",
            "parentcaller": "0x7ff7299e6b3b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1e531000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.UI.Immersive.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8378
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e6dc5",
            "parentcaller": "0x7ff7299e6b3b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000005c4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 8379
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e6dc5",
            "parentcaller": "0x7ff7299e6b3b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c4"
              },
              {
                "name": "ValueName",
                "value": "UseDefaultTile"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\UseDefaultTile"
              }
            ],
            "repeated": 0,
            "id": 8380
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e6dc5",
            "parentcaller": "0x7ff7299e6b3b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c4"
              }
            ],
            "repeated": 0,
            "id": 8381
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e6dc5",
            "parentcaller": "0x7ff7299e6b3b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 8382
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e6dc5",
            "parentcaller": "0x7ff7299e6b3b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1e532000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.UI.Immersive.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8383
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e6dc5",
            "parentcaller": "0x7ff7299e6b3b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1e532000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.UI.Immersive.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8384
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e6dc5",
            "parentcaller": "0x7ff7299e6b3b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\AccountPicture\\Users\\S-1-5-21-3968686040-3210279463-847977608-1001"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\AccountPicture\\Users\\S-1-5-21-3968686040-3210279463-847977608-1001"
              }
            ],
            "repeated": 0,
            "id": 8385
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e6dc5",
            "parentcaller": "0x7ff7299e6b3b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b1f7000"
              },
              {
                "name": "ModuleName",
                "value": "SHCORE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8386
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e6dc5",
            "parentcaller": "0x7ff7299e6b3b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b1f7000"
              },
              {
                "name": "ModuleName",
                "value": "SHCORE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8387
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e6dc5",
            "parentcaller": "0x7ff7299e6b3b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b1f7000"
              },
              {
                "name": "ModuleName",
                "value": "SHCORE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8388
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e6dc5",
            "parentcaller": "0x7ff7299e6b3b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b1f7000"
              },
              {
                "name": "ModuleName",
                "value": "SHCORE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8389
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e6dc5",
            "parentcaller": "0x7ff7299e6b3b",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8390
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e6dc5",
            "parentcaller": "0x7ff7299e6b3b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8391
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e6dc5",
            "parentcaller": "0x7ff7299e6b3b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Scaling"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Scaling"
              }
            ],
            "repeated": 0,
            "id": 8392
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e6dc5",
            "parentcaller": "0x7ff7299e6b3b",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8393
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e6dc5",
            "parentcaller": "0x7ff7299e6b3b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8394
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e6dc5",
            "parentcaller": "0x7ff7299e6b3b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Scaling"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Scaling"
              }
            ],
            "repeated": 0,
            "id": 8395
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e6dc5",
            "parentcaller": "0x7ff7299e6b3b",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8396
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e6dc5",
            "parentcaller": "0x7ff7299e6b3b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8397
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e6dc5",
            "parentcaller": "0x7ff7299e6b3b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Scaling"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Scaling"
              }
            ],
            "repeated": 0,
            "id": 8398
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e6dc5",
            "parentcaller": "0x7ff7299e6b3b",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8399
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e6dc5",
            "parentcaller": "0x7ff7299e6b3b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8400
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e6dc5",
            "parentcaller": "0x7ff7299e6b3b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Scaling"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Scaling"
              }
            ],
            "repeated": 0,
            "id": 8401
          },
          {
            "timestamp": "2026-05-28 21:44:22,604",
            "thread_id": "10832",
            "caller": "0x7ff7299e50a7",
            "parentcaller": "0x7ff7299e501f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc171f0000"
              },
              {
                "name": "FunctionName",
                "value": "DPA_InsertPtr"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc17273970"
              }
            ],
            "repeated": 0,
            "id": 8402
          },
          {
            "timestamp": "2026-05-28 21:44:22,619",
            "thread_id": "10832",
            "caller": "0x7ff7299f4a58",
            "parentcaller": "0x7ff7299f4bdc",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\PcwDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00224013"
              },
              {
                "name": "InputBuffer",
                "value": " \\x04\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": "\\xb8\\x01\\x00\\x00\\x10\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8\\x01\\x00\\x00 \\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x0c\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x00\\x00\\x00\\x04\\x00\\x00\\x000\\x00,\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x04\\x00\\x08\\x00\\x10^_\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x05\\x00\\x08\\x00\\x80\\xc3\\xc9\\x01\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x1a\\x00\\x08\\x00\\x1e\t\\x08\\x9f\\x04\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x1b\\x00\\x04\\x00q[\\x16\\x1a\\x00\\x00\\x00\\x00`\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\x00\\x00\\x00\\x04\\x00\\x00\\x000\\x00,\\x001\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x04\\x00\\x08\\x00&4\\x96\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x05\\x00\\x08\\x00ro\\x91\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x1a\\x00\\x08\\x00`j\\x81j\\x04\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x1b\\x00\\x04\\x00v[\\x16\\x1a\\x00\\x00\\x00\\x00h\\x00\\x00\\x00\\x02\\x00\\x00\\x00(\\x00\\x00\\x00\\x04\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8403
          },
          {
            "timestamp": "2026-05-28 21:44:22,619",
            "thread_id": "10832",
            "caller": "0x7ff7299f4a58",
            "parentcaller": "0x7ff7299f4c19",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\PcwDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00224013"
              },
              {
                "name": "InputBuffer",
                "value": "$\\x04\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": "x\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x00\\x00\\x00 \\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\x00\\x00\\x00\\x02\\x00\\x00\\x00d\\x00e\\x00f\\x00a\\x00u\\x00l\\x00t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x08\\x00S_\\x19\\xcf\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x01\\x00\\x08\\x00\\x00>p\\x13\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8404
          },
          {
            "timestamp": "2026-05-28 21:44:22,619",
            "thread_id": "10832",
            "caller": "0x7ff7299f6f7b",
            "parentcaller": "0x7ff7299edb94",
            "category": "misc",
            "api": "GlobalMemoryStatusEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MemoryLoad",
                "value": "77"
              },
              {
                "name": "TotalPhysicalMB",
                "value": "4096"
              }
            ],
            "repeated": 0,
            "id": 8405
          },
          {
            "timestamp": "2026-05-28 21:44:22,619",
            "thread_id": "10832",
            "caller": "0x7ff7299f05ac",
            "parentcaller": "0x7ff7299edc11",
            "category": "process",
            "api": "NtOpenProcess",
            "status": false,
            "return": "0xffffffffc0000022",
            "pretty_return": "ACCESS_DENIED",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x2678d95a2f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001400",
                "pretty_value": "PROCESS_QUERY_INFORMATION|PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "92"
              }
            ],
            "repeated": 0,
            "id": 8406
          },
          {
            "timestamp": "2026-05-28 21:44:22,619",
            "thread_id": "12440",
            "caller": "0x7ff7299e3932",
            "parentcaller": "0x7ff729a0e0ed",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\ActXPrxy"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc24b40000"
              }
            ],
            "repeated": 0,
            "id": 8407
          },
          {
            "timestamp": "2026-05-28 21:44:22,822",
            "thread_id": "10832",
            "caller": "0x7ff7299f45b1",
            "parentcaller": "0x7ff7299f3e56",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "92"
              },
              {
                "name": "ProcessName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8408
          },
          {
            "timestamp": "2026-05-28 21:44:22,822",
            "thread_id": "10832",
            "caller": "0x7ff7299f3ebb",
            "parentcaller": "0x7ff7299f2d53",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 8409
          },
          {
            "timestamp": "2026-05-28 21:44:22,822",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793bc0002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\system32\\ntoskrnl.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 8410
          },
          {
            "timestamp": "2026-05-28 21:44:22,822",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793bc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x01046000"
              }
            ],
            "repeated": 0,
            "id": 8411
          },
          {
            "timestamp": "2026-05-28 21:44:22,822",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793bc0002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\system32\\ntoskrnl.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 8412
          },
          {
            "timestamp": "2026-05-28 21:44:22,822",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793bc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x01046000"
              }
            ],
            "repeated": 0,
            "id": 8413
          },
          {
            "timestamp": "2026-05-28 21:44:22,822",
            "thread_id": "10832",
            "caller": "0x7ff7299f45b1",
            "parentcaller": "0x7ff7299f3746",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "92"
              },
              {
                "name": "ProcessName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8414
          },
          {
            "timestamp": "2026-05-28 21:44:22,822",
            "thread_id": "10832",
            "caller": "0x7ff7299f472e",
            "parentcaller": "0x7ff7299f375e",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005d0"
              }
            ],
            "repeated": 0,
            "id": 8415
          },
          {
            "timestamp": "2026-05-28 21:44:22,822",
            "thread_id": "10832",
            "caller": "0x7ff7299f4764",
            "parentcaller": "0x7ff7299f375e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8416
          },
          {
            "timestamp": "2026-05-28 21:44:22,822",
            "thread_id": "10832",
            "caller": "0x7ff7299f47ed",
            "parentcaller": "0x7ff7299f375e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8417
          },
          {
            "timestamp": "2026-05-28 21:44:22,822",
            "thread_id": "10832",
            "caller": "0x7ff7299f488d",
            "parentcaller": "0x7ff7299f375e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d0"
              }
            ],
            "repeated": 0,
            "id": 8418
          },
          {
            "timestamp": "2026-05-28 21:44:22,822",
            "thread_id": "10832",
            "caller": "0x7ff7299f3779",
            "parentcaller": "0x7ff7299f31c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 8419
          },
          {
            "timestamp": "2026-05-28 21:44:22,822",
            "thread_id": "10832",
            "caller": "0x7ff7299f05ac",
            "parentcaller": "0x7ff7299edc11",
            "category": "process",
            "api": "NtOpenProcess",
            "status": false,
            "return": "0xffffffffc0000022",
            "pretty_return": "ACCESS_DENIED",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x2678d95a2f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001400",
                "pretty_value": "PROCESS_QUERY_INFORMATION|PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "436"
              }
            ],
            "repeated": 0,
            "id": 8420
          },
          {
            "timestamp": "2026-05-28 21:44:22,947",
            "thread_id": "12440",
            "caller": "0x7ff7299e3932",
            "parentcaller": "0x7ff729a0e0ed",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\actxprxy.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc24b40000"
              }
            ],
            "repeated": 0,
            "id": 8421
          },
          {
            "timestamp": "2026-05-28 21:44:22,947",
            "thread_id": "12440",
            "caller": "0x7ff7299e3932",
            "parentcaller": "0x7ff729a0e0ed",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "25DEAD04-1EAC-4911-9E3A-AD0A4AB560FD"
              },
              {
                "name": "ClsContext",
                "value": "0x00000004",
                "pretty_value": "CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "D133CE13-3537-48BA-93A7-AFCD5D2053B4"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8422
          },
          {
            "timestamp": "2026-05-28 21:44:22,947",
            "thread_id": "12440",
            "caller": "0x7ff7299e3c77",
            "parentcaller": "0x7ff7299e3c07",
            "category": "system",
            "api": "CreateTimerQueueTimer",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "phNewTimer",
                "value": "0x267937baad0"
              },
              {
                "name": "TimerQueue",
                "value": "0x00000000"
              },
              {
                "name": "Callback",
                "value": "0x29a44c70"
              },
              {
                "name": "Parameter",
                "value": "0x1967fcd0"
              },
              {
                "name": "DueTime",
                "value": "1000"
              },
              {
                "name": "Period",
                "value": "1000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8423
          },
          {
            "timestamp": "2026-05-28 21:44:22,947",
            "thread_id": "12440",
            "caller": "0x7ff7299e39d5",
            "parentcaller": "0x7ff7299e3953",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8424
          },
          {
            "timestamp": "2026-05-28 21:44:22,947",
            "thread_id": "12440",
            "caller": "0x7ff7299e39d5",
            "parentcaller": "0x7ff7299e3953",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2c65e000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8425
          },
          {
            "timestamp": "2026-05-28 21:44:22,947",
            "thread_id": "12440",
            "caller": "0x7ff7299e39d5",
            "parentcaller": "0x7ff7299e3953",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2c65e000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8426
          },
          {
            "timestamp": "2026-05-28 21:44:22,947",
            "thread_id": "12440",
            "caller": "0x7ff7299e39d5",
            "parentcaller": "0x7ff7299e3953",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8427
          },
          {
            "timestamp": "2026-05-28 21:44:22,947",
            "thread_id": "12440",
            "caller": "0x7ff7299e39d5",
            "parentcaller": "0x7ff7299e3953",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8428
          },
          {
            "timestamp": "2026-05-28 21:44:22,947",
            "thread_id": "12440",
            "caller": "0x7ff7299e39d5",
            "parentcaller": "0x7ff7299e3953",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002e6"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{D782CCBA-AFB0-43F1-94DB-FDA3779EACCB}"
              },
              {
                "name": "Handle",
                "value": "0x000005de"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{D782CCBA-AFB0-43F1-94DB-FDA3779EACCB}"
              }
            ],
            "repeated": 0,
            "id": 8429
          },
          {
            "timestamp": "2026-05-28 21:44:22,947",
            "thread_id": "12440",
            "caller": "0x7ff7299e39d5",
            "parentcaller": "0x7ff7299e3953",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005de"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000005e2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{D782CCBA-AFB0-43F1-94DB-FDA3779EACCB}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 8430
          },
          {
            "timestamp": "2026-05-28 21:44:22,947",
            "thread_id": "12440",
            "caller": "0x7ff7299e39d5",
            "parentcaller": "0x7ff7299e3953",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{D782CCBA-AFB0-43F1-94DB-FDA3779EACCB}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 8431
          },
          {
            "timestamp": "2026-05-28 21:44:22,947",
            "thread_id": "12440",
            "caller": "0x7ff7299e39d5",
            "parentcaller": "0x7ff7299e3953",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e2"
              }
            ],
            "repeated": 0,
            "id": 8432
          },
          {
            "timestamp": "2026-05-28 21:44:22,947",
            "thread_id": "12440",
            "caller": "0x7ff7299e39d5",
            "parentcaller": "0x7ff7299e3953",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005de"
              }
            ],
            "repeated": 0,
            "id": 8433
          },
          {
            "timestamp": "2026-05-28 21:44:22,947",
            "thread_id": "12440",
            "caller": "0x7ff7299e39d5",
            "parentcaller": "0x7ff7299e3953",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8434
          },
          {
            "timestamp": "2026-05-28 21:44:22,947",
            "thread_id": "12440",
            "caller": "0x7ff7299e39d5",
            "parentcaller": "0x7ff7299e3953",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8435
          },
          {
            "timestamp": "2026-05-28 21:44:22,947",
            "thread_id": "12440",
            "caller": "0x7ff7299e39d5",
            "parentcaller": "0x7ff7299e3953",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8436
          },
          {
            "timestamp": "2026-05-28 21:44:22,947",
            "thread_id": "12440",
            "caller": "0x7ff7299e39d5",
            "parentcaller": "0x7ff7299e3953",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000005dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 8437
          },
          {
            "timestamp": "2026-05-28 21:44:22,947",
            "thread_id": "12440",
            "caller": "0x7ff7299e39d5",
            "parentcaller": "0x7ff7299e3953",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005e0"
              }
            ],
            "repeated": 0,
            "id": 8438
          },
          {
            "timestamp": "2026-05-28 21:44:22,947",
            "thread_id": "12440",
            "caller": "0x7ff7299e39d5",
            "parentcaller": "0x7ff7299e3953",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\x12\\x13\\x00\\x00\\x00\\x00\\x00\\xdb7\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\xa4-\\x13\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8439
          },
          {
            "timestamp": "2026-05-28 21:44:22,947",
            "thread_id": "12440",
            "caller": "0x7ff7299e39d5",
            "parentcaller": "0x7ff7299e3953",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "(rw\\x93g\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x04]\\x88\\x8a\\xeb\\x1c\\xc9\\x11\\x9f\\xe8\\x08\\x00+\\x10H`\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8440
          },
          {
            "timestamp": "2026-05-28 21:44:22,947",
            "thread_id": "12440",
            "caller": "0x7ff7299e39d5",
            "parentcaller": "0x7ff7299e3953",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "Pmw\\x93g\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8441
          },
          {
            "timestamp": "2026-05-28 21:44:22,947",
            "thread_id": "12440",
            "caller": "0x7ff7299e39d5",
            "parentcaller": "0x7ff7299e3953",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8442
          },
          {
            "timestamp": "2026-05-28 21:44:22,947",
            "thread_id": "12440",
            "caller": "0x7ff7299e39d5",
            "parentcaller": "0x7ff7299e3953",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "(\\xc1\\x7f\\x93g\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8443
          },
          {
            "timestamp": "2026-05-28 21:44:22,947",
            "thread_id": "12440",
            "caller": "0x7ff7299e39d5",
            "parentcaller": "0x7ff7299e3953",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8444
          },
          {
            "timestamp": "2026-05-28 21:44:22,947",
            "thread_id": "12440",
            "caller": "0x7ff7299e39d5",
            "parentcaller": "0x7ff7299e3953",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88rw\\x93g\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9b6\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 8445
          },
          {
            "timestamp": "2026-05-28 21:44:22,947",
            "thread_id": "12440",
            "caller": "0x7ff7299e39d5",
            "parentcaller": "0x7ff7299e3953",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X@j\\x14\\xfc\\x7f\\x00\\x00\\xebPB\\x14\\xfc\\x7f\\x00\\x00\\x1f\\x1d\\x8d:\\x97\\xb6\\x00\\x00(Nf\\x14\\xfc\\x7f\\x00\\x00\\xc0\\xdfg\\x19\\xed\\x00\\x00\\x00\\xb8\\xdfg\\x19\\xed\\x00\\x00\\x00\\x88\\xdfg\\x19\\xed\\x00\\x00\\x00\\xa8\\xdfg\\x19"
              }
            ],
            "repeated": 0,
            "id": 8446
          },
          {
            "timestamp": "2026-05-28 21:44:22,947",
            "thread_id": "12440",
            "caller": "0x7ff7299e39d5",
            "parentcaller": "0x7ff7299e3953",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80rw\\x93g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd9\\xd8C\\x14\\xfc\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xa8\\xddg\\x19\\xed\\x00\\x00\\x00\\xe0\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x001\\xed\\xfb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x86\\xa2f\\x14"
              }
            ],
            "repeated": 0,
            "id": 8447
          },
          {
            "timestamp": "2026-05-28 21:44:22,947",
            "thread_id": "12440",
            "caller": "0x7ff7299e39d5",
            "parentcaller": "0x7ff7299e3953",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\x12\\x13\\x00\\x00\\x00\\x00\\x00\\xdb7\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\xa4-\\x13\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8448
          },
          {
            "timestamp": "2026-05-28 21:44:22,947",
            "thread_id": "12440",
            "caller": "0x7ff7299e39d5",
            "parentcaller": "0x7ff7299e3953",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88ow\\x93g\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8449
          },
          {
            "timestamp": "2026-05-28 21:44:22,947",
            "thread_id": "12440",
            "caller": "0x7ff7299e39d5",
            "parentcaller": "0x7ff7299e3953",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "Psw\\x93g\\x02\\x00\\x00`\\x00\\x00\\x00\\\\x00W\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00A\\x00c\\x00t\\x00X\\x00P\\x00r\\x00x\\x00y\\x00.\\x00d\\x00l\\x00l\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xfdr\\x93"
              }
            ],
            "repeated": 0,
            "id": 8450
          },
          {
            "timestamp": "2026-05-28 21:44:22,947",
            "thread_id": "12440",
            "caller": "0x7ff7299e39d5",
            "parentcaller": "0x7ff7299e3953",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8451
          },
          {
            "timestamp": "2026-05-28 21:44:22,947",
            "thread_id": "12440",
            "caller": "0x7ff7299e39d5",
            "parentcaller": "0x7ff7299e3953",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xc4\\x7f\\x93g\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8452
          },
          {
            "timestamp": "2026-05-28 21:44:22,947",
            "thread_id": "12440",
            "caller": "0x7ff7299e39d5",
            "parentcaller": "0x7ff7299e3953",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8453
          },
          {
            "timestamp": "2026-05-28 21:44:22,947",
            "thread_id": "12440",
            "caller": "0x7ff7299e39d5",
            "parentcaller": "0x7ff7299e3953",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe8rw\\x93g\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9b6\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 8454
          },
          {
            "timestamp": "2026-05-28 21:44:22,947",
            "thread_id": "12440",
            "caller": "0x7ff7299e39d5",
            "parentcaller": "0x7ff7299e3953",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X@j\\x14\\xfc\\x7f\\x00\\x00\\xebPB\\x14\\xfc\\x7f\\x00\\x00\\xff\\x19\\x8d:\\x97\\xb6\\x00\\x00(Nf\\x14\\xfc\\x7f\\x00\\x00 \\xdcg\\x19\\xed\\x00\\x00\\x00\\x18\\xdcg\\x19\\xed\\x00\\x00\\x00\\xe8\\xdbg\\x19\\xed\\x00\\x00\\x00\\x08\\xdcg\\x19"
              }
            ],
            "repeated": 0,
            "id": 8455
          },
          {
            "timestamp": "2026-05-28 21:44:22,947",
            "thread_id": "12440",
            "caller": "0x7ff7299e39d5",
            "parentcaller": "0x7ff7299e3953",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0rw\\x93g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd9\\xd8C\\x14\\xfc\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x08\\xdag\\x19\\xed\\x00\\x00\\x00\\xe0\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x001\\xed\\xfb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x86\\xa2f\\x14"
              }
            ],
            "repeated": 0,
            "id": 8456
          },
          {
            "timestamp": "2026-05-28 21:44:22,947",
            "thread_id": "12440",
            "caller": "0x7ff7299e39d5",
            "parentcaller": "0x7ff7299e3953",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              }
            ],
            "repeated": 0,
            "id": 8457
          },
          {
            "timestamp": "2026-05-28 21:44:22,947",
            "thread_id": "12440",
            "caller": "0x7ff7299e39d5",
            "parentcaller": "0x7ff7299e3953",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e0"
              }
            ],
            "repeated": 0,
            "id": 8458
          },
          {
            "timestamp": "2026-05-28 21:44:22,947",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\thumbcache"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc14d00000"
              }
            ],
            "repeated": 0,
            "id": 8459
          },
          {
            "timestamp": "2026-05-28 21:44:23,135",
            "thread_id": "12948",
            "caller": "0x7ffc2ad854eb",
            "parentcaller": "0x7ffc2b428ce0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "A\\x97\\x13\\x00\\x00\\x00\\x00\\x00\\xdb7\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00D8\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8460
          },
          {
            "timestamp": "2026-05-28 21:44:23,135",
            "thread_id": "12948",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2b428c8a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e4"
              }
            ],
            "repeated": 0,
            "id": 8461
          },
          {
            "timestamp": "2026-05-28 21:44:23,135",
            "thread_id": "12948",
            "caller": "0x7ffc2b480e98",
            "parentcaller": "0x7ffc2b4fb785",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000204e6"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 8462
          },
          {
            "timestamp": "2026-05-28 21:44:23,135",
            "thread_id": "10832",
            "caller": "0x7ff7299f45b1",
            "parentcaller": "0x7ff7299f3e56",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "436"
              },
              {
                "name": "ProcessName",
                "value": "C:\\Windows\\System32\\csrss.exe"
              }
            ],
            "repeated": 0,
            "id": 8463
          },
          {
            "timestamp": "2026-05-28 21:44:23,135",
            "thread_id": "10832",
            "caller": "0x7ff7299f3ebb",
            "parentcaller": "0x7ff7299f2d53",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 8464
          },
          {
            "timestamp": "2026-05-28 21:44:23,135",
            "thread_id": "10832",
            "caller": "0x7ff7299f45b1",
            "parentcaller": "0x7ff7299f3ffc",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "436"
              },
              {
                "name": "ProcessName",
                "value": "C:\\Windows\\System32\\csrss.exe"
              }
            ],
            "repeated": 0,
            "id": 8465
          },
          {
            "timestamp": "2026-05-28 21:44:23,135",
            "thread_id": "10832",
            "caller": "0x7ff7299f4224",
            "parentcaller": "0x7ff7299f2da5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 8466
          },
          {
            "timestamp": "2026-05-28 21:44:23,135",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793bc0002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\csrss.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 8467
          },
          {
            "timestamp": "2026-05-28 21:44:23,135",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              }
            ],
            "repeated": 0,
            "id": 8468
          },
          {
            "timestamp": "2026-05-28 21:44:23,135",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\csrss.exe.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 8469
          },
          {
            "timestamp": "2026-05-28 21:44:23,135",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000005cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\csrss.exe.mui"
              }
            ],
            "repeated": 0,
            "id": 8470
          },
          {
            "timestamp": "2026-05-28 21:44:23,135",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793bd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed1947cdf0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8471
          },
          {
            "timestamp": "2026-05-28 21:44:23,135",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d0"
              }
            ],
            "repeated": 0,
            "id": 8472
          },
          {
            "timestamp": "2026-05-28 21:44:23,135",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793bd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 8473
          },
          {
            "timestamp": "2026-05-28 21:44:23,135",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 8474
          },
          {
            "timestamp": "2026-05-28 21:44:23,135",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793bc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              }
            ],
            "repeated": 0,
            "id": 8475
          },
          {
            "timestamp": "2026-05-28 21:44:23,135",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793bc0002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\csrss.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 8476
          },
          {
            "timestamp": "2026-05-28 21:44:23,135",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              }
            ],
            "repeated": 0,
            "id": 8477
          },
          {
            "timestamp": "2026-05-28 21:44:23,135",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\csrss.exe.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 8478
          },
          {
            "timestamp": "2026-05-28 21:44:23,135",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000005cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\csrss.exe.mui"
              }
            ],
            "repeated": 0,
            "id": 8479
          },
          {
            "timestamp": "2026-05-28 21:44:23,135",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793bd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed1947cde0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8480
          },
          {
            "timestamp": "2026-05-28 21:44:23,135",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d0"
              }
            ],
            "repeated": 0,
            "id": 8481
          },
          {
            "timestamp": "2026-05-28 21:44:23,135",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793bd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 8482
          },
          {
            "timestamp": "2026-05-28 21:44:23,135",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 8483
          },
          {
            "timestamp": "2026-05-28 21:44:23,135",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793bc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              }
            ],
            "repeated": 0,
            "id": 8484
          },
          {
            "timestamp": "2026-05-28 21:44:23,135",
            "thread_id": "10832",
            "caller": "0x7ff7299f45b1",
            "parentcaller": "0x7ff7299f38f8",
            "category": "process",
            "api": "NtOpenProcess",
            "status": false,
            "return": "0xffffffffc0000022",
            "pretty_return": "ACCESS_DENIED",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x7ffc2ad7ad9e"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001410",
                "pretty_value": "PROCESS_VM_READ|PROCESS_QUERY_INFORMATION|PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "436"
              }
            ],
            "repeated": 0,
            "id": 8485
          },
          {
            "timestamp": "2026-05-28 21:44:23,135",
            "thread_id": "10832",
            "caller": "0x7ff7299f45b1",
            "parentcaller": "0x7ff7299f3746",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "436"
              },
              {
                "name": "ProcessName",
                "value": "C:\\Windows\\System32\\csrss.exe"
              }
            ],
            "repeated": 0,
            "id": 8486
          },
          {
            "timestamp": "2026-05-28 21:44:23,135",
            "thread_id": "10832",
            "caller": "0x7ff7299f472e",
            "parentcaller": "0x7ff7299f375e",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005d0"
              }
            ],
            "repeated": 0,
            "id": 8487
          },
          {
            "timestamp": "2026-05-28 21:44:23,135",
            "thread_id": "10832",
            "caller": "0x7ff7299f4764",
            "parentcaller": "0x7ff7299f375e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8488
          },
          {
            "timestamp": "2026-05-28 21:44:23,135",
            "thread_id": "10832",
            "caller": "0x7ff7299f47ed",
            "parentcaller": "0x7ff7299f375e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xa0\\x1e\\x81\\x93g\\x02\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xc8\\x1e\\x81\\x93g\\x02\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe8\\x1e\\x81\\x93g\\x02\\x00\\x00T\\x00S\\x00A\\x00:\\x00/\\x00/\\x00P\\x00r\\x00o\\x00c\\x00U\\x00n\\x00i\\x00q\\x00u\\x00e\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19U\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8489
          },
          {
            "timestamp": "2026-05-28 21:44:23,135",
            "thread_id": "10832",
            "caller": "0x7ff7299f488d",
            "parentcaller": "0x7ff7299f375e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d0"
              }
            ],
            "repeated": 0,
            "id": 8490
          },
          {
            "timestamp": "2026-05-28 21:44:23,135",
            "thread_id": "10832",
            "caller": "0x7ff7299f3779",
            "parentcaller": "0x7ff7299f31c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 8491
          },
          {
            "timestamp": "2026-05-28 21:44:23,135",
            "thread_id": "10832",
            "caller": "0x7ff7299f05ac",
            "parentcaller": "0x7ff7299edc11",
            "category": "process",
            "api": "NtOpenProcess",
            "status": false,
            "return": "0xffffffffc0000022",
            "pretty_return": "ACCESS_DENIED",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x2678d95a2f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001400",
                "pretty_value": "PROCESS_QUERY_INFORMATION|PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "524"
              }
            ],
            "repeated": 0,
            "id": 8492
          },
          {
            "timestamp": "2026-05-28 21:44:23,166",
            "thread_id": "11032",
            "caller": "0x7ffc2b480e98",
            "parentcaller": "0x7ffc2b4fb785",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000204e6"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 2,
            "id": 8493
          },
          {
            "timestamp": "2026-05-28 21:44:23,213",
            "thread_id": "13188",
            "caller": "0x7ff7299e3b91",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8494
          },
          {
            "timestamp": "2026-05-28 21:44:23,213",
            "thread_id": "13188",
            "caller": "0x7ff7299e3b91",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000410"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8495
          },
          {
            "timestamp": "2026-05-28 21:44:23,213",
            "thread_id": "12948",
            "caller": "0x7ffc2b480e98",
            "parentcaller": "0x7ffc2b4fb785",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00010524"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 8496
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "11032",
            "caller": "0x7ffc2b480e98",
            "parentcaller": "0x7ffc2b4fb785",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000204e6"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 8497
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\thumbcache.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc14d00000"
              }
            ],
            "repeated": 0,
            "id": 8498
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "2155FEE3-2419-4373-B102-6843707EB41F"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "F676C15D-596A-4CE2-8234-33996F445DB1"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8499
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2bf67000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8500
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2bf67000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8501
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              }
            ],
            "repeated": 0,
            "id": 8502
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d16fa30"
              }
            ],
            "repeated": 0,
            "id": 8503
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ThumbnailCache"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ThumbnailCache"
              }
            ],
            "repeated": 0,
            "id": 8504
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc14d63000"
              },
              {
                "name": "ModuleName",
                "value": "thumbcache.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8505
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc14d63000"
              },
              {
                "name": "ModuleName",
                "value": "thumbcache.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8506
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\admin"
              }
            ],
            "repeated": 0,
            "id": 8507
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin"
              }
            ],
            "repeated": 0,
            "id": 8508
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8509
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\admin\\AppData\\Local"
              }
            ],
            "repeated": 0,
            "id": 8510
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local"
              }
            ],
            "repeated": 0,
            "id": 8511
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8512
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 8513
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc14d63000"
              },
              {
                "name": "ModuleName",
                "value": "thumbcache.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8514
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc14d63000"
              },
              {
                "name": "ModuleName",
                "value": "thumbcache.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8515
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8516
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 8517
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\xd6o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00g\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00X\\xdbo\\x19\\xed\\x00\\x00\\x00+\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90TL\\x14\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xdbo\\x19\\xed\\x00\\x00\\x00\\xa8\\xdao\\x19\\xed\\x00\\x00\\x00\\xff+\\x0f\\xa2\\xd4\\x95\\x00\\x00\\x00\\x00U\\x8fg\\x02\\x00\\x00\\x88e\\xd4\\x14\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8518
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwWriterMutex"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8519
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 8520
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ec"
              }
            ],
            "repeated": 0,
            "id": 8521
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8522
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 8523
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\xd6o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00g\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00X\\xdbo\\x19\\xed\\x00\\x00\\x00+\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90TL\\x14\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xdbo\\x19\\xed\\x00\\x00\\x00\\xa8\\xdao\\x19\\xed\\x00\\x00\\x00\\xff+\\x0f\\xa2\\xd4\\x95\\x00\\x00\\x00\\x00U\\x8fg\\x02\\x00\\x00\\x88e\\xd4\\x14\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8524
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateEvent",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              },
              {
                "name": "EventName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwWriterEvent"
              },
              {
                "name": "EventType",
                "value": "0"
              },
              {
                "name": "InitialState",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8525
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 8526
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ec"
              }
            ],
            "repeated": 0,
            "id": 8527
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8528
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 8529
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xddo\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x13\\x00\\x00\\x00\\x00\\x00\\x00\\x00;\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0b\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x00U\\x8fg\\x02\\x00\\x00\\xe9\\xb2\\x08S\\xed\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x04\\xfc\\x7f\\x00\\x00\\xa6\\xfa\\x12T\\xe1\\x17\\x00\\x008\\x00\\x008\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9e\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8530
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fc"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_16.db!dfMaintainer"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8531
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 8532
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ec"
              }
            ],
            "repeated": 0,
            "id": 8533
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8534
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 8535
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xddo\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x13\\x00\\x00\\x00\\x00\\x00\\x00\\x00;\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0b\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x00U\\x8fg\\x02\\x00\\x00\\xe9\\xb2\\x08S\\xed\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x04\\xfc\\x7f\\x00\\x00\\xa6\\xfa\\x12T\\xe1\\x17\\x00\\x008\\x00\\x008\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9e\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8536
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_32.db!dfMaintainer"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8537
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 8538
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ec"
              }
            ],
            "repeated": 0,
            "id": 8539
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8540
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 8541
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xddo\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x13\\x00\\x00\\x00\\x00\\x00\\x00\\x00;\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0b\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x00U\\x8fg\\x02\\x00\\x00\\xe9\\xb2\\x08S\\xed\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x04\\xfc\\x7f\\x00\\x00\\xa6\\xfa\\x12T\\xe1\\x17\\x00\\x008\\x00\\x008\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9e\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8542
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000604"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_48.db!dfMaintainer"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8543
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 8544
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ec"
              }
            ],
            "repeated": 0,
            "id": 8545
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8546
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 8547
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xddo\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x13\\x00\\x00\\x00\\x00\\x00\\x00\\x00;\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0b\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x00U\\x8fg\\x02\\x00\\x00\\xe9\\xb2\\x08S\\xed\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x04\\xfc\\x7f\\x00\\x00\\xa6\\xfa\\x12T\\xe1\\x17\\x00\\x008\\x00\\x008\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9e\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8548
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_96.db!dfMaintainer"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8549
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 8550
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ec"
              }
            ],
            "repeated": 0,
            "id": 8551
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8552
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 8553
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xddo\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x13\\x00\\x00\\x00\\x00\\x00\\x00\\x00;\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0b\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x00U\\x8fg\\x02\\x00\\x00\\xe9\\xb2\\x08S\\xed\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x04\\xfc\\x7f\\x00\\x00\\xa6\\xfa\\x12T\\xe1\\x17\\x00\\x008\\x00\\x008\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9e\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8554
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000060c"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_256.db!dfMaintainer"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8555
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 8556
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ec"
              }
            ],
            "repeated": 0,
            "id": 8557
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8558
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 8559
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xddo\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x13\\x00\\x00\\x00\\x00\\x00\\x00\\x00;\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0b\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x00U\\x8fg\\x02\\x00\\x00\\xe9\\xb2\\x08S\\xed\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x04\\xfc\\x7f\\x00\\x00\\xa6\\xfa\\x12T\\xe1\\x17\\x00\\x008\\x00\\x008\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9e\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8560
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_768.db!dfMaintainer"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8561
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 8562
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ec"
              }
            ],
            "repeated": 0,
            "id": 8563
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8564
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 8565
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xddo\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x13\\x00\\x00\\x00\\x00\\x00\\x00\\x00;\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0b\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x00U\\x8fg\\x02\\x00\\x00\\xe9\\xb2\\x08S\\xed\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x04\\xfc\\x7f\\x00\\x00\\xa6\\xfa\\x12T\\xe1\\x17\\x00\\x008\\x00\\x008\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9e\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8566
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000614"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_1280.db!dfMaintainer"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8567
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 8568
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ec"
              }
            ],
            "repeated": 0,
            "id": 8569
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8570
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 8571
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xddo\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x13\\x00\\x00\\x00\\x00\\x00\\x00\\x00;\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0b\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x00U\\x8fg\\x02\\x00\\x00\\xe9\\xb2\\x08S\\xed\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x04\\xfc\\x7f\\x00\\x00\\xa6\\xfa\\x12T\\xe1\\x17\\x00\\x008\\x00\\x008\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9e\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8572
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_1920.db!dfMaintainer"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8573
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 8574
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ec"
              }
            ],
            "repeated": 0,
            "id": 8575
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8576
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 8577
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xddo\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x13\\x00\\x00\\x00\\x00\\x00\\x00\\x00;\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0b\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x00U\\x8fg\\x02\\x00\\x00\\xe9\\xb2\\x08S\\xed\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x04\\xfc\\x7f\\x00\\x00\\xa6\\xfa\\x12T\\xe1\\x17\\x00\\x008\\x00\\x008\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9e\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8578
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000061c"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_2560.db!dfMaintainer"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8579
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 8580
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ec"
              }
            ],
            "repeated": 0,
            "id": 8581
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8582
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 8583
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xddo\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x13\\x00\\x00\\x00\\x00\\x00\\x00\\x00;\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0b\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x00U\\x8fg\\x02\\x00\\x00\\xe9\\xb2\\x08S\\xed\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x04\\xfc\\x7f\\x00\\x00\\xa6\\xfa\\x12T\\xe1\\x17\\x00\\x008\\x00\\x008\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9e\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8584
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_sr.db!dfMaintainer"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8585
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 8586
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ec"
              }
            ],
            "repeated": 0,
            "id": 8587
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8588
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 8589
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xddo\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x13\\x00\\x00\\x00\\x00\\x00\\x00\\x00;\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0b\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x00U\\x8fg\\x02\\x00\\x00\\xe9\\xb2\\x08S\\xed\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x04\\xfc\\x7f\\x00\\x00\\xa6\\xfa\\x12T\\xe1\\x17\\x00\\x008\\x00\\x008\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9e\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8590
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_wide.db!dfMaintainer"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8591
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 8592
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ec"
              }
            ],
            "repeated": 0,
            "id": 8593
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8594
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 8595
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xddo\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x13\\x00\\x00\\x00\\x00\\x00\\x00\\x00;\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0b\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x00U\\x8fg\\x02\\x00\\x00\\xe9\\xb2\\x08S\\xed\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x04\\xfc\\x7f\\x00\\x00\\xa6\\xfa\\x12T\\xe1\\x17\\x00\\x008\\x00\\x008\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9e\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8596
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000628"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_exif.db!dfMaintainer"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8597
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 8598
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ec"
              }
            ],
            "repeated": 0,
            "id": 8599
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8600
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 8601
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xddo\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x13\\x00\\x00\\x00\\x00\\x00\\x00\\x00;\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0b\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x00U\\x8fg\\x02\\x00\\x00\\xe9\\xb2\\x08S\\xed\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x04\\xfc\\x7f\\x00\\x00\\xa6\\xfa\\x12T\\xe1\\x17\\x00\\x008\\x00\\x008\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9e\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8602
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000062c"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_wide_alternate.db!dfMaintainer"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8603
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 8604
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ec"
              }
            ],
            "repeated": 0,
            "id": 8605
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8606
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 8607
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xddo\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x13\\x00\\x00\\x00\\x00\\x00\\x00\\x00;\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0b\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x00U\\x8fg\\x02\\x00\\x00\\xe9\\xb2\\x08S\\xed\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x04\\xfc\\x7f\\x00\\x00\\xa6\\xfa\\x12T\\xe1\\x17\\x00\\x008\\x00\\x008\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9e\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8608
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_custom_stream.db!dfMaintainer"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8609
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 8610
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ec"
              }
            ],
            "repeated": 0,
            "id": 8611
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8612
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 8613
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xdeo\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00o\\x00m\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\x00\\x00\\x00\\x00 \\xba\\xcf\\xc9\\x8a\\x1c\\x00\\x00\\x10\\xe5o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88e\\xd4\\x14\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8\\xeao\\x19\\xed\\x00\\x00\\x00\\xa0y}\\x93g\\x02\\x00\\x00`\\xdfo\\x19\\xed\\x00\\x00\\x00\\x04\\x01\\x00\\x00\\x00\\x00\\x00\\x00`\\xaa\\xd4\\x14\\xfc\\x7f\\x00\\x00\\xa71\\xd1\\x14\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8614
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000634"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!IconCacheInit"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8615
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 8616
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ec"
              }
            ],
            "repeated": 0,
            "id": 8617
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000634"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8618
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\IconCacheToDelete"
              }
            ],
            "repeated": 0,
            "id": 8619
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ThumbnailCache"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ThumbnailCache"
              }
            ],
            "repeated": 0,
            "id": 8620
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8621
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db"
              },
              {
                "name": "FileInformationClass",
                "value": "74"
              },
              {
                "name": "FileInformation",
                "value": "\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8622
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8623
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8624
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000638"
              }
            ],
            "repeated": 0,
            "id": 8625
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\xe5o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0y}\\x93g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0y}\\x93g\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8626
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8627
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000638"
              }
            ],
            "repeated": 0,
            "id": 8628
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 8629
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 8630
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x000r\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8631
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000640"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000005ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db"
              }
            ],
            "repeated": 0,
            "id": 8632
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000640"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793bc0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed196fe260"
              },
              {
                "name": "ViewSize",
                "value": "0x00008000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8633
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8634
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8635
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 8636
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000063c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8637
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8638
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xe5o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9d|f\\x14\\xfc\\x7f\\x00\\x00(\\x8bf\\x14\\xfc\\x7f\\x00\\x00\\xf4\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xb8'\\x81\\x93g\\x02\\x00\\x00]\\xdd\\xd7*\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0y}\\x93g\\x02\\x00\\x00\\xdf\\x1d\\x0f\\xa2\\xd4\\x95\\x00\\x00\\xb8'\\x81\\x93g\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8639
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8640
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8641
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 8642
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 8643
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 8644
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000005ec"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000644"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 8645
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_16.db"
              }
            ],
            "repeated": 0,
            "id": 8646
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "GetDiskFreeSpaceExW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 8647
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8648
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "250"
              }
            ],
            "repeated": 0,
            "id": 8649
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000063c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8650
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8651
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xe3o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x8a\\x1c\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x80$\\x81\\x93g\\x02\\x00\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00M\\x00i\\x00c\\x00C\\x00:\\x00\\\\x00U\\x00s\\x00e\\x00r\\x00s\\x00\\\\x00a\\x00d\\x00m\\x00i\\x00n\\x00\\\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00\\\\x00W\\x00"
              }
            ],
            "repeated": 0,
            "id": 8652
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8653
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8654
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 8655
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 8656
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8657
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 8658
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8659
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 8660
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xe4o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00E\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00c\\x00h\\x00e\\x00_\\x001\\x006\\x00.\\x00d\\x00b\\x00\\x00\\x00\\x88\\xe4o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00,\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\xe4o\\x19\\xed\\x00\\x00\\x00\\x02\\x00P\\x00\\x01\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec"
              }
            ],
            "repeated": 0,
            "id": 8661
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8662
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 8663
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 8664
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8665
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 8666
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8667
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "250"
              }
            ],
            "repeated": 0,
            "id": 8668
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000640"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8669
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 8670
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xe3o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x8a\\x1c\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x80$\\x81\\x93g\\x02\\x00\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00M\\x00i\\x00c\\x00C\\x00:\\x00\\\\x00U\\x00s\\x00e\\x00r\\x00s\\x00\\\\x00a\\x00d\\x00m\\x00i\\x00n\\x00\\\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00\\\\x00W\\x00"
              }
            ],
            "repeated": 0,
            "id": 8671
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8672
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 8673
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8674
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 8675
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8676
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 8677
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000063c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8678
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8679
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xe4o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00E\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00c\\x00h\\x00e\\x00_\\x001\\x006\\x00.\\x00d\\x00b\\x00\\x00\\x00\\x88\\xe4o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00,\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\xe4o\\x19\\xed\\x00\\x00\\x00\\x02\\x00P\\x00\\x01\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec"
              }
            ],
            "repeated": 0,
            "id": 8680
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8681
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8682
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 8683
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 8684
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 8685
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8686
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "250"
              }
            ],
            "repeated": 0,
            "id": 8687
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8688
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 8689
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xe3o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x8a\\x1c\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x80$\\x81\\x93g\\x02\\x00\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00M\\x00i\\x00c\\x00C\\x00:\\x00\\\\x00U\\x00s\\x00e\\x00r\\x00s\\x00\\\\x00a\\x00d\\x00m\\x00i\\x00n\\x00\\\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00\\\\x00W\\x00"
              }
            ],
            "repeated": 0,
            "id": 8690
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8691
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 8692
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 8693
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 8694
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8695
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8696
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000640"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8697
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 8698
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xe4o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00E\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00c\\x00h\\x00e\\x00_\\x001\\x006\\x00.\\x00d\\x00b\\x00\\x00\\x00\\x88\\xe4o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00,\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\xe4o\\x19\\xed\\x00\\x00\\x00\\x02\\x00P\\x00\\x01\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec"
              }
            ],
            "repeated": 0,
            "id": 8699
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8700
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 8701
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8702
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 8703
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 8704
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8705
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "250"
              }
            ],
            "repeated": 0,
            "id": 8706
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000063c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8707
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8708
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xe3o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x8a\\x1c\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x80$\\x81\\x93g\\x02\\x00\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00M\\x00i\\x00c\\x00C\\x00:\\x00\\\\x00U\\x00s\\x00e\\x00r\\x00s\\x00\\\\x00a\\x00d\\x00m\\x00i\\x00n\\x00\\\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00\\\\x00W\\x00"
              }
            ],
            "repeated": 0,
            "id": 8709
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8710
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8711
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 8712
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 8713
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8714
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 8715
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8716
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 8717
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xe4o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00E\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00c\\x00h\\x00e\\x00_\\x001\\x006\\x00.\\x00d\\x00b\\x00\\x00\\x00\\x88\\xe4o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00,\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\xe4o\\x19\\xed\\x00\\x00\\x00\\x02\\x00P\\x00\\x01\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec"
              }
            ],
            "repeated": 0,
            "id": 8718
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8719
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 8720
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 8721
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8722
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 8723
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8724
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "250"
              }
            ],
            "repeated": 0,
            "id": 8725
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000640"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8726
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 8727
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xe3o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x8a\\x1c\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x80$\\x81\\x93g\\x02\\x00\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00M\\x00i\\x00c\\x00C\\x00:\\x00\\\\x00U\\x00s\\x00e\\x00r\\x00s\\x00\\\\x00a\\x00d\\x00m\\x00i\\x00n\\x00\\\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00\\\\x00W\\x00"
              }
            ],
            "repeated": 0,
            "id": 8728
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8729
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 8730
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8731
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 8732
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8733
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 8734
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000063c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8735
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8736
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xe4o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00E\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00c\\x00h\\x00e\\x00_\\x001\\x006\\x00.\\x00d\\x00b\\x00\\x00\\x00\\x88\\xe4o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00,\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\xe4o\\x19\\xed\\x00\\x00\\x00\\x02\\x00P\\x00\\x01\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec"
              }
            ],
            "repeated": 0,
            "id": 8737
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8738
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8739
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 8740
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 8741
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 8742
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8743
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "250"
              }
            ],
            "repeated": 0,
            "id": 8744
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8745
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 8746
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xe3o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x8a\\x1c\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x80$\\x81\\x93g\\x02\\x00\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00M\\x00i\\x00c\\x00C\\x00:\\x00\\\\x00U\\x00s\\x00e\\x00r\\x00s\\x00\\\\x00a\\x00d\\x00m\\x00i\\x00n\\x00\\\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00\\\\x00W\\x00"
              }
            ],
            "repeated": 0,
            "id": 8747
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8748
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 8749
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 8750
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 8751
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8752
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8753
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000640"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8754
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 8755
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xe4o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00E\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00c\\x00h\\x00e\\x00_\\x001\\x006\\x00.\\x00d\\x00b\\x00\\x00\\x00\\x88\\xe4o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00,\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\xe4o\\x19\\xed\\x00\\x00\\x00\\x02\\x00P\\x00\\x01\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec"
              }
            ],
            "repeated": 0,
            "id": 8756
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8757
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 8758
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8759
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 8760
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 8761
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8762
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "250"
              }
            ],
            "repeated": 0,
            "id": 8763
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000063c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8764
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8765
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xe3o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x8a\\x1c\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x80$\\x81\\x93g\\x02\\x00\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00M\\x00i\\x00c\\x00C\\x00:\\x00\\\\x00U\\x00s\\x00e\\x00r\\x00s\\x00\\\\x00a\\x00d\\x00m\\x00i\\x00n\\x00\\\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00\\\\x00W\\x00"
              }
            ],
            "repeated": 0,
            "id": 8766
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8767
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8768
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 8769
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 8770
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8771
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 8772
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8773
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 8774
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xe4o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00E\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00c\\x00h\\x00e\\x00_\\x001\\x006\\x00.\\x00d\\x00b\\x00\\x00\\x00\\x88\\xe4o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00,\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\xe4o\\x19\\xed\\x00\\x00\\x00\\x02\\x00P\\x00\\x01\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec"
              }
            ],
            "repeated": 0,
            "id": 8775
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8776
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 8777
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 8778
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8779
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 8780
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8781
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "250"
              }
            ],
            "repeated": 0,
            "id": 8782
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000640"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8783
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 8784
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xe3o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x8a\\x1c\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x80$\\x81\\x93g\\x02\\x00\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00M\\x00i\\x00c\\x00C\\x00:\\x00\\\\x00U\\x00s\\x00e\\x00r\\x00s\\x00\\\\x00a\\x00d\\x00m\\x00i\\x00n\\x00\\\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00\\\\x00W\\x00"
              }
            ],
            "repeated": 0,
            "id": 8785
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8786
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 8787
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8788
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 8789
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8790
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 8791
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000063c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8792
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8793
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xe4o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00E\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00c\\x00h\\x00e\\x00_\\x001\\x006\\x00.\\x00d\\x00b\\x00\\x00\\x00\\x88\\xe4o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00,\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\xe4o\\x19\\xed\\x00\\x00\\x00\\x02\\x00P\\x00\\x01\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec"
              }
            ],
            "repeated": 0,
            "id": 8794
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8795
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8796
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 8797
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 8798
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 8799
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8800
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "250"
              }
            ],
            "repeated": 0,
            "id": 8801
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8802
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 8803
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xe3o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x8a\\x1c\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x80$\\x81\\x93g\\x02\\x00\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00M\\x00i\\x00c\\x00C\\x00:\\x00\\\\x00U\\x00s\\x00e\\x00r\\x00s\\x00\\\\x00a\\x00d\\x00m\\x00i\\x00n\\x00\\\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00\\\\x00W\\x00"
              }
            ],
            "repeated": 0,
            "id": 8804
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8805
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 8806
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 8807
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 8808
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8809
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8810
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000640"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8811
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 8812
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xe4o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00E\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00c\\x00h\\x00e\\x00_\\x001\\x006\\x00.\\x00d\\x00b\\x00\\x00\\x00\\x88\\xe4o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00,\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\xe4o\\x19\\xed\\x00\\x00\\x00\\x02\\x00P\\x00\\x01\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec"
              }
            ],
            "repeated": 0,
            "id": 8813
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8814
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 8815
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8816
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 8817
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 8818
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8819
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "250"
              }
            ],
            "repeated": 0,
            "id": 8820
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000063c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8821
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8822
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xe3o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x8a\\x1c\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x80$\\x81\\x93g\\x02\\x00\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00M\\x00i\\x00c\\x00C\\x00:\\x00\\\\x00U\\x00s\\x00e\\x00r\\x00s\\x00\\\\x00a\\x00d\\x00m\\x00i\\x00n\\x00\\\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00\\\\x00W\\x00"
              }
            ],
            "repeated": 0,
            "id": 8823
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8824
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8825
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 8826
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 8827
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8828
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 8829
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8830
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 8831
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xe4o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00E\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00c\\x00h\\x00e\\x00_\\x001\\x006\\x00.\\x00d\\x00b\\x00\\x00\\x00\\x88\\xe4o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00,\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\xe4o\\x19\\xed\\x00\\x00\\x00\\x02\\x00P\\x00\\x01\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec"
              }
            ],
            "repeated": 0,
            "id": 8832
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8833
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 8834
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 8835
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8836
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 8837
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8838
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "250"
              }
            ],
            "repeated": 0,
            "id": 8839
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000640"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8840
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 8841
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xe3o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x8a\\x1c\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x80$\\x81\\x93g\\x02\\x00\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00M\\x00i\\x00c\\x00C\\x00:\\x00\\\\x00U\\x00s\\x00e\\x00r\\x00s\\x00\\\\x00a\\x00d\\x00m\\x00i\\x00n\\x00\\\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00\\\\x00W\\x00"
              }
            ],
            "repeated": 0,
            "id": 8842
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8843
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 8844
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8845
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 8846
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8847
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 8848
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000063c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8849
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8850
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xe4o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00E\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00c\\x00h\\x00e\\x00_\\x001\\x006\\x00.\\x00d\\x00b\\x00\\x00\\x00\\x88\\xe4o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00,\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\xe4o\\x19\\xed\\x00\\x00\\x00\\x02\\x00P\\x00\\x01\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec"
              }
            ],
            "repeated": 0,
            "id": 8851
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8852
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8853
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 8854
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 8855
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 8856
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8857
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "250"
              }
            ],
            "repeated": 0,
            "id": 8858
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8859
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 8860
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xe3o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x8a\\x1c\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x80$\\x81\\x93g\\x02\\x00\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00M\\x00i\\x00c\\x00C\\x00:\\x00\\\\x00U\\x00s\\x00e\\x00r\\x00s\\x00\\\\x00a\\x00d\\x00m\\x00i\\x00n\\x00\\\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00\\\\x00W\\x00"
              }
            ],
            "repeated": 0,
            "id": 8861
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8862
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 8863
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 8864
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 8865
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8866
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8867
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000640"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8868
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 8869
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xe4o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00E\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00c\\x00h\\x00e\\x00_\\x001\\x006\\x00.\\x00d\\x00b\\x00\\x00\\x00\\x88\\xe4o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00,\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\xe4o\\x19\\xed\\x00\\x00\\x00\\x02\\x00P\\x00\\x01\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec"
              }
            ],
            "repeated": 0,
            "id": 8870
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8871
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 8872
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8873
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 8874
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 8875
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8876
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "250"
              }
            ],
            "repeated": 0,
            "id": 8877
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000063c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8878
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8879
          },
          {
            "timestamp": "2026-05-28 21:44:23,260",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xe3o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x8a\\x1c\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x80$\\x81\\x93g\\x02\\x00\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00M\\x00i\\x00c\\x00C\\x00:\\x00\\\\x00U\\x00s\\x00e\\x00r\\x00s\\x00\\\\x00a\\x00d\\x00m\\x00i\\x00n\\x00\\\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00\\\\x00W\\x00"
              }
            ],
            "repeated": 0,
            "id": 8880
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8881
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8882
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 8883
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 8884
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8885
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 8886
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8887
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 8888
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xe4o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00E\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00c\\x00h\\x00e\\x00_\\x001\\x006\\x00.\\x00d\\x00b\\x00\\x00\\x00\\x88\\xe4o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00,\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\xe4o\\x19\\xed\\x00\\x00\\x00\\x02\\x00P\\x00\\x01\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec"
              }
            ],
            "repeated": 0,
            "id": 8889
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8890
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 8891
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 8892
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8893
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 8894
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x000r\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8895
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8896
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "250"
              }
            ],
            "repeated": 0,
            "id": 8897
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000640"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8898
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 8899
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xe0o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\x00\\x00\\x00\\x00`\\xda\\xd9\\xff\\xff\\xff\\xff\\xff\\x17\\xb4\\xc4%\\xeb\\xee\\xdc\\x01\\x00\\x00\\x00\\x00\\xed\\x00\\x00\\x00`\\xda\\xd9\\xff\\xff\\xff\\xff\\xffH\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf4\\x05\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8900
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8901
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 8902
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8903
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 8904
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8905
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 8906
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000063c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8907
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8908
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xe0o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\x7f\\xed\\xfb\\x7f\\x00\\x00<\\x06\\x00\\x00\\x00\\x00\\x00\\x00<\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x81|f\\x14\\xfc\\x7f\\x00\\x00(\\x8bf\\x14\\xfc\\x7f\\x00\\x00<\\x06\\x00\\x00\\x00\\x00\\x00\\x00<\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x0f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x85g\\xd8*\\xfc\\x7f\\x00\\x00<\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8909
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8910
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8911
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 8912
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 8913
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 8914
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8915
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "250"
              }
            ],
            "repeated": 0,
            "id": 8916
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8917
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 8918
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xe0o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\x00\\x00\\x00\\x00`\\xda\\xd9\\xff\\xff\\xff\\xff\\xff\\x17\\xb4\\xc4%\\xeb\\xee\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xda\\xd9\\xff\\xff\\xff\\xff\\xffH\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8919
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8920
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 8921
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 8922
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 8923
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8924
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8925
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000640"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8926
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 8927
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xe0o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\x7f\\xed\\xfb\\x7f\\x00\\x00@\\x06\\x00\\x00\\x00\\x00\\x00\\x00@\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x81|f\\x14\\xfc\\x7f\\x00\\x00(\\x8bf\\x14\\xfc\\x7f\\x00\\x00@\\x06\\x00\\x00\\x00\\x00\\x00\\x00@\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x0f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x85g\\xd8*\\xfc\\x7f\\x00\\x00@\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8928
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8929
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 8930
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8931
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 8932
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 8933
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fc"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8934
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000063c"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_16.db"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8935
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000063c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_16.db"
              },
              {
                "name": "FileInformationClass",
                "value": "74"
              },
              {
                "name": "FileInformation",
                "value": "\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8936
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000063c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_16.db"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8937
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000640"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x0000063c"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_16.db"
              }
            ],
            "repeated": 0,
            "id": 8938
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000063c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_16.db"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 8939
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8940
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "250"
              }
            ],
            "repeated": 0,
            "id": 8941
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8942
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 8943
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xe1o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00g\\x02\\x00\\x00`\\xda\\xd9\\xff\\xff\\xff\\xff\\xffB\\x00\\xc5%\\xeb\\xee\\xdc\\x01\\x00\\x00\\x00\\x00\\xfc\\x7f\\x00\\x00`\\xda\\xd9\\xff\\xff\\xff\\xff\\xffH\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00x*\\x81\\x93g\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8944
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000650"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8945
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 8946
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 8947
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 8948
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8949
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000650"
              }
            ],
            "repeated": 0,
            "id": 8950
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000650"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8951
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 8952
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xe1o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00p\\xe2o\\x19\\xed\\x00\\x00\\x00\\xf4\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\r)\\x8fg\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9d|f\\x14\\xfc\\x7f\\x00\\x00(\\x8bf\\x14\\xfc\\x7f\\x00\\x00\\xf4\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xb8'\\x81\\x93g\\x02\\x00\\x00]\\xdd\\xd7*\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00x*\\x81\\x93g\\x02\\x00\\x00\\x0f\\x19\\x0f\\xa2\\xd4\\x95\\x00\\x00\\xb8'\\x81\\x93g\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8953
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8954
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 8955
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000650"
              }
            ],
            "repeated": 0,
            "id": 8956
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 8957
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 8958
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000640"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793bd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed196fe1e0"
              },
              {
                "name": "ViewSize",
                "value": "0x00100000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8959
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000063c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000064c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 8960
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fc"
              }
            ],
            "repeated": 0,
            "id": 8961
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8962
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000650"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8963
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 8964
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\xe5o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0y}\\x93g\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8965
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000654"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8966
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 8967
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000650"
              }
            ],
            "repeated": 0,
            "id": 8968
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 8969
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x000r\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8970
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8971
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000654"
              }
            ],
            "repeated": 0,
            "id": 8972
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000654"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8973
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000650"
              }
            ],
            "repeated": 0,
            "id": 8974
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xe5o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9d|f\\x14\\xfc\\x7f\\x00\\x00(\\x8bf\\x14\\xfc\\x7f\\x00\\x00\\xf4\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xb8'\\x81\\x93g\\x02\\x00\\x00]\\xdd\\xd7*\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0y}\\x93g\\x02\\x00\\x00\\xdf\\x1d\\x0f\\xa2\\xd4\\x95\\x00\\x00\\xb8'\\x81\\x93g\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8975
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8976
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000650"
              }
            ],
            "repeated": 0,
            "id": 8977
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000654"
              }
            ],
            "repeated": 0,
            "id": 8978
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 8979
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 8980
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000634"
              }
            ],
            "repeated": 0,
            "id": 8981
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc14d63000"
              },
              {
                "name": "ModuleName",
                "value": "thumbcache.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8982
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc14d63000"
              },
              {
                "name": "ModuleName",
                "value": "thumbcache.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8983
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8984
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8985
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000654"
              }
            ],
            "repeated": 0,
            "id": 8986
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xe6o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\xab\\xd4\\x14\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8987
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000650"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8988
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000654"
              }
            ],
            "repeated": 0,
            "id": 8989
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 8990
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 8991
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x000r\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8992
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 8993
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000654"
              }
            ],
            "repeated": 0,
            "id": 8994
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xe7o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\xeao\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00T\\x82\\xd0\\x14\\xfc\\x7f\\x00\\x004\\x005\\x00b\\x00f\\x008\\x00\\x00\\x00\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\xe9o\\x19\\xed\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8995
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!045bf8"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8996
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000654"
              }
            ],
            "repeated": 0,
            "id": 8997
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 8998
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000063c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_16.db"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8999
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc14d63000"
              },
              {
                "name": "ModuleName",
                "value": "thumbcache.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9000
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc14d63000"
              },
              {
                "name": "ModuleName",
                "value": "thumbcache.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9001
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc14d63000"
              },
              {
                "name": "ModuleName",
                "value": "thumbcache.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9002
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc14d63000"
              },
              {
                "name": "ModuleName",
                "value": "thumbcache.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9003
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 9004
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000650"
              }
            ],
            "repeated": 0,
            "id": 9005
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000650"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 9006
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 9007
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xe7o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xe8o\\x19\\xed\\x00\\x00\\x00\\xe8\\xe9o\\x19\\xed\\x00\\x00\\x00\\xf8[\\xc1\\x93g\\x02\\x00\\x00 \\xe8o\\x19\\xed\\x00\\x00\\x00p\\xe8o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xed\\x00\\x00\\x00\\x00\\x00\\xbd\\x93g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xd4\\x95\\x00\\x00\\x00\\x00\\xbd\\x93g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9008
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000654"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9009
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 9010
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000650"
              }
            ],
            "repeated": 0,
            "id": 9011
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000654"
              }
            ],
            "repeated": 0,
            "id": 9012
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 9013
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              }
            ],
            "repeated": 0,
            "id": 9014
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x267937da000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9015
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9c7fa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\SecurityHealthSystray.exe"
              }
            ],
            "repeated": 0,
            "id": 9016
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a3d36c",
            "parentcaller": "0x7ff729a9c16e",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "ValueName",
                "value": "CAPEAgent"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\CAPEAgent"
              }
            ],
            "repeated": 0,
            "id": 9017
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a3d20b",
            "parentcaller": "0x7ff729a9c1bd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "CAPEAgent"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\CAPEAgent"
              }
            ],
            "repeated": 0,
            "id": 9018
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a3d2e0",
            "parentcaller": "0x7ff729a9c1bd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "CAPEAgent"
              },
              {
                "name": "Data",
                "value": "\"C:\\Users\\admin\\AppData\\Local\\Microsoft\\WindowsApps\\python.exe\" \"C:\\agent.py\""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\CAPEAgent"
              }
            ],
            "repeated": 0,
            "id": 9019
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a9abc5",
            "parentcaller": "0x7ff729a9e244",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "CAPEAgent"
              },
              {
                "name": "Data",
                "value": "\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run\\CAPEAgent"
              }
            ],
            "repeated": 0,
            "id": 9020
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729a9cf53",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\WindowsApps\\python.exe"
              }
            ],
            "repeated": 0,
            "id": 9021
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\WindowsApps\\python.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 9022
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000279",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\WindowsApps\\python.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9023
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a11a39",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff729b0c000"
              },
              {
                "name": "ModuleName",
                "value": "taskmgr.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9024
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0d762",
            "parentcaller": "0x7ff729a11a39",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff729b0c000"
              },
              {
                "name": "ModuleName",
                "value": "taskmgr.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9025
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2bf67000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9026
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2bf67000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9027
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b252000"
              },
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9028
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b252000"
              },
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9029
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000658"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 9030
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              },
              {
                "name": "ValueName",
                "value": "NoPropertiesMyComputer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesMyComputer"
              }
            ],
            "repeated": 0,
            "id": 9031
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              }
            ],
            "repeated": 0,
            "id": 9032
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 9033
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000658"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 9034
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              },
              {
                "name": "ValueName",
                "value": "NoPropertiesRecycleBin"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesRecycleBin"
              }
            ],
            "repeated": 0,
            "id": 9035
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              }
            ],
            "repeated": 0,
            "id": 9036
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 9037
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000658"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 9038
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              },
              {
                "name": "ValueName",
                "value": "NoControlPanel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoControlPanel"
              }
            ],
            "repeated": 0,
            "id": 9039
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              }
            ],
            "repeated": 0,
            "id": 9040
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 9041
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000658"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 9042
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              },
              {
                "name": "ValueName",
                "value": "NoSetFolders"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSetFolders"
              }
            ],
            "repeated": 0,
            "id": 9043
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              }
            ],
            "repeated": 0,
            "id": 9044
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 9045
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000658"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 9046
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              },
              {
                "name": "ValueName",
                "value": "NoInternetIcon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon"
              }
            ],
            "repeated": 0,
            "id": 9047
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              }
            ],
            "repeated": 0,
            "id": 9048
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 9049
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Applications\\taskmgr.exe"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Applications\\taskmgr.exe"
              }
            ],
            "repeated": 0,
            "id": 9050
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 9051
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9052
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000658"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 9053
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              },
              {
                "name": "ValueName",
                "value": "ValidateRegItems"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems"
              }
            ],
            "repeated": 0,
            "id": 9054
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              }
            ],
            "repeated": 0,
            "id": 9055
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 9056
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9057
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000658"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 9058
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              },
              {
                "name": "ValueName",
                "value": "MonitorRegistry"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry"
              }
            ],
            "repeated": 0,
            "id": 9059
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              }
            ],
            "repeated": 0,
            "id": 9060
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9061
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9062
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000658"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 9063
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              },
              {
                "name": "ValueName",
                "value": "NoCommonGroups"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoCommonGroups"
              }
            ],
            "repeated": 0,
            "id": 9064
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              }
            ],
            "repeated": 0,
            "id": 9065
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 9066
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9067
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9068
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9069
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9070
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9071
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9072
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder"
              },
              {
                "name": "Handle",
                "value": "0x0000065a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 9073
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9074
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9075
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065a"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 9076
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065a"
              },
              {
                "name": "ValueName",
                "value": "CallForAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\CallForAttributes"
              }
            ],
            "repeated": 0,
            "id": 9077
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065a"
              },
              {
                "name": "ValueName",
                "value": "RestrictedAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\RestrictedAttributes"
              }
            ],
            "repeated": 0,
            "id": 9078
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065a"
              },
              {
                "name": "ValueName",
                "value": "FolderValueFlags"
              },
              {
                "name": "Data",
                "value": "1581568"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\FolderValueFlags"
              }
            ],
            "repeated": 0,
            "id": 9079
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065a"
              }
            ],
            "repeated": 0,
            "id": 9080
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9081
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9082
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 9083
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 9084
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 9085
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "Handle",
                "value": "0x00000658"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 9086
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              },
              {
                "name": "ValueName",
                "value": "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              }
            ],
            "repeated": 0,
            "id": 9087
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              }
            ],
            "repeated": 0,
            "id": 9088
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 9089
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9090
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000658"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 9091
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              },
              {
                "name": "ValueName",
                "value": "ValidateRegItems"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\ValidateRegItems"
              }
            ],
            "repeated": 0,
            "id": 9092
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              }
            ],
            "repeated": 0,
            "id": 9093
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 9094
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9095
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000658"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 9096
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              },
              {
                "name": "ValueName",
                "value": "MonitorRegistry"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\MonitorRegistry"
              }
            ],
            "repeated": 0,
            "id": 9097
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              }
            ],
            "repeated": 0,
            "id": 9098
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9099
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9100
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "GetVolumeNameForVolumeMountPointW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "VolumeMountPoint",
                "value": "C:\\"
              },
              {
                "name": "VolumeName",
                "value": "\\\\?\\Volume{528c102f-0000-0000-0000-300300000000}\\"
              }
            ],
            "repeated": 0,
            "id": 9101
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00000658"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 9102
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000658"
              },
              {
                "name": "SubKey",
                "value": "{528c102f-0000-0000-0000-300300000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x00000654"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-300300000000}\\"
              }
            ],
            "repeated": 0,
            "id": 9103
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              }
            ],
            "repeated": 0,
            "id": 9104
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000654"
              },
              {
                "name": "ValueName",
                "value": "Data"
              },
              {
                "name": "Data",
                "value": "\\xd6\r\\x00\\x00\r\\xf0\\xad\\xbaA\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\x06\\xe7\\x03\\xff\\x00\\x00\\x00\\x16\\x00\\x00\\x00&\\x00\\xbc\\x12\\x1f\\x00\\x00\\x00\\x04@\\x00\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00O\\x00R\\x00A\\x00G\\x00E\\x00#\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00#\\x00{\\x00e\\x003\\x002\\x00a\\x009\\x004\\x004\\x002\\x00-\\x005\\x00a\\x00f\\x002\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x00a\\x00e\\x002\\x00c\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00#\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x003\\x003\\x000\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00
\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-300300000000}\\Data"
              }
            ],
            "repeated": 0,
            "id": 9105
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000654"
              }
            ],
            "repeated": 0,
            "id": 9106
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00000654"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 9107
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000654"
              },
              {
                "name": "SubKey",
                "value": "{528c102f-0000-0000-0000-300300000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x00000658"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-300300000000}\\"
              }
            ],
            "repeated": 0,
            "id": 9108
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000654"
              }
            ],
            "repeated": 0,
            "id": 9109
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-300300000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 9110
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              }
            ],
            "repeated": 0,
            "id": 9111
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000658"
              }
            ],
            "repeated": 0,
            "id": 9112
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": " \\xb9}\\x93g\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9113
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              }
            ],
            "repeated": 0,
            "id": 9114
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00000658"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 9115
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000658"
              },
              {
                "name": "SubKey",
                "value": "{528c102f-0000-0000-0000-300300000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x00000654"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-300300000000}\\"
              }
            ],
            "repeated": 0,
            "id": 9116
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              }
            ],
            "repeated": 0,
            "id": 9117
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000654"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-300300000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 9118
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000654"
              }
            ],
            "repeated": 0,
            "id": 9119
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29026000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9120
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29026000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9121
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Policies\\Microsoft\\Windows\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 9122
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Policies\\Microsoft\\Windows\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 9123
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000654"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9124
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000654"
              },
              {
                "name": "HandleName",
                "value": "C:\\"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9125
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000654"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x006\\xean:\\xdd\\xac\\xd5\\x01\\x97\\xf5\\xb7\\xc2\\xea\\xee\\xdc\\x01\\x9d\\xa9\\xd1\\xc9\\xb8\\xee\\xdc\\x01\\x9d\\xa9\\xd1\\xc9\\xb8\\xee\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x11\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xee\\x05\\x00\\x00\\x00\\x00\\x01\\x00U\\x00s\\x00e\\x00r\\x00s\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 9126
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000654"
              }
            ],
            "repeated": 0,
            "id": 9127
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b01b000"
              },
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9128
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b01b000"
              },
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9129
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\propsys"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc27140000"
              }
            ],
            "repeated": 0,
            "id": 9130
          },
          {
            "timestamp": "2026-05-28 21:44:23,275",
            "thread_id": "3380",
            "caller": "0x7ffc2d14eb32",
            "parentcaller": "0x7ffc2d1077c3",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000038"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 9131
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2b480e98",
            "parentcaller": "0x7ffc2b4fb785",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000204e6"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 9132
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2d137830",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9133
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2d137881",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9134
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2d005921",
            "parentcaller": "0x7ffc2acd2e6b",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000001c0"
              },
              {
                "name": "IoControlCode",
                "value": "0x00470807"
              },
              {
                "name": "InBuffer",
                "value": "(\\x00\\x00\\x00\\x00\\x00\\x01\\x00\rc\\xf5S\\xbf\\xb6\\xd0\\x11\\x94\\xf2\\x00\\xa0\\xc9\\x1e\\xfb\\x8b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x14\\x00\\x00\\x00#\\x00\\x00\\xc0|\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9135
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2d005921",
            "parentcaller": "0x7ffc2acd1ed1",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000001c0"
              },
              {
                "name": "IoControlCode",
                "value": "0x00470807"
              },
              {
                "name": "InBuffer",
                "value": "(\\x00\\x00\\x00\\x00\\x00\\x01\\x00\rc\\xf5S\\xbf\\xb6\\xd0\\x11\\x94\\xf2\\x00\\xa0\\xc9\\x1e\\xfb\\x8b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00|\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00O\\x00R\\x00A\\x00G\\x00E\\x00#\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00#\\x00{\\x00e\\x003\\x002\\x00a\\x009\\x004\\x004\\x002\\x00-\\x005\\x00a\\x00f\\x002\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x00a\\x00e\\x002\\x00c\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00#\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x001\\x000\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00"
              }
            ],
            "repeated": 0,
            "id": 9136
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc28a15fb2",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000658"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000650"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 9137
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc28a15ffc",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9138
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc28a15ffc",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              },
              {
                "name": "Milliseconds",
                "value": "1000"
              }
            ],
            "repeated": 0,
            "id": 9139
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "11032",
            "caller": "0x7ffc2b480e98",
            "parentcaller": "0x7ffc2b4fb785",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000204e6"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 9140
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "11032",
            "caller": "0x7ffc28a4a151",
            "parentcaller": "0x7ffc28a327a5",
            "category": "filesystem",
            "api": "GetVolumeNameForVolumeMountPointW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "VolumeMountPoint",
                "value": "\\\\?\\STORAGE#Volume#{e32a9442-5af2-11f1-ae2c-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\"
              },
              {
                "name": "VolumeName",
                "value": "\\\\?\\Volume{528c102f-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 9141
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc28a1601a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              }
            ],
            "repeated": 0,
            "id": 9142
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2d0fe715",
            "parentcaller": "0x7ffc2d0fe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793817000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9143
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc28a2f616",
            "parentcaller": "0x7ffc28a2bf43",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00000658"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 9144
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc28a2bf7f",
            "parentcaller": "0x7ffc28a159ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000658"
              },
              {
                "name": "SubKey",
                "value": "{528c102f-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x000005f0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 9145
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc28a2bfa7",
            "parentcaller": "0x7ffc28a159ad",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              }
            ],
            "repeated": 0,
            "id": 9146
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2b16b76b",
            "parentcaller": "0x7ffc2b16b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              },
              {
                "name": "ValueName",
                "value": "Data"
              },
              {
                "name": "Data",
                "value": "\\xd6\r\\x00\\x00\r\\xf0\\xad\\xba\\x01\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\x06\\xe7\\x03\\xff\\x00\\x00\\x00\\x16\\x00\\x00\\x00R\\xbd\\xbb\\x88\\x1e\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00O\\x00R\\x00A\\x00G\\x00E\\x00#\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00#\\x00{\\x00e\\x003\\x002\\x00a\\x009\\x004\\x004\\x002\\x00-\\x005\\x00a\\x00f\\x002\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x00a\\x00e\\x002\\x00c\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00#\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x001\\x000\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\
x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-100000000000}\\Data"
              }
            ],
            "repeated": 0,
            "id": 9147
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc28a2bfeb",
            "parentcaller": "0x7ffc28a159ad",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 9148
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc28a2f616",
            "parentcaller": "0x7ffc28a2bf43",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x000005f0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 9149
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc28a2bf7f",
            "parentcaller": "0x7ffc28a15a2d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005f0"
              },
              {
                "name": "SubKey",
                "value": "{528c102f-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x00000658"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 9150
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc28a2bfa7",
            "parentcaller": "0x7ffc28a15a2d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 9151
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2b16b76b",
            "parentcaller": "0x7ffc2b16b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 9152
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc28a2bfeb",
            "parentcaller": "0x7ffc28a15a2d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              }
            ],
            "repeated": 0,
            "id": 9153
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc28a15fb2",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000658"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000005f0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 9154
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc28a15ffc",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9155
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc28a15ffc",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              },
              {
                "name": "Milliseconds",
                "value": "1000"
              }
            ],
            "repeated": 0,
            "id": 9156
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "11032",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc28a3286f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000650"
              }
            ],
            "repeated": 0,
            "id": 9157
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "11032",
            "caller": "0x7ffc28a4a151",
            "parentcaller": "0x7ffc28a327a5",
            "category": "filesystem",
            "api": "GetVolumeNameForVolumeMountPointW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "VolumeMountPoint",
                "value": "\\\\?\\STORAGE#Volume#{e32a9442-5af2-11f1-ae2c-806e6f6e6963}#0000000003300000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\"
              },
              {
                "name": "VolumeName",
                "value": "\\\\?\\Volume{528c102f-0000-0000-0000-300300000000}\\"
              }
            ],
            "repeated": 0,
            "id": 9158
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc28a1601a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              }
            ],
            "repeated": 0,
            "id": 9159
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc28a2f616",
            "parentcaller": "0x7ffc28a2bf43",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00000658"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 9160
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc28a2bf7f",
            "parentcaller": "0x7ffc28a159ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000658"
              },
              {
                "name": "SubKey",
                "value": "{528c102f-0000-0000-0000-300300000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x00000650"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-300300000000}\\"
              }
            ],
            "repeated": 0,
            "id": 9161
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc28a2bfa7",
            "parentcaller": "0x7ffc28a159ad",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              }
            ],
            "repeated": 0,
            "id": 9162
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2b16b76b",
            "parentcaller": "0x7ffc2b16b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000650"
              },
              {
                "name": "ValueName",
                "value": "Data"
              },
              {
                "name": "Data",
                "value": "\\xd6\r\\x00\\x00\r\\xf0\\xad\\xbaA\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\x06\\xe7\\x03\\xff\\x00\\x00\\x00\\x16\\x00\\x00\\x00&\\x00\\xbc\\x12\\x1f\\x00\\x00\\x00\\x04@\\x00\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00O\\x00R\\x00A\\x00G\\x00E\\x00#\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00#\\x00{\\x00e\\x003\\x002\\x00a\\x009\\x004\\x004\\x002\\x00-\\x005\\x00a\\x00f\\x002\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x00a\\x00e\\x002\\x00c\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00#\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x003\\x003\\x000\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00
\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-300300000000}\\Data"
              }
            ],
            "repeated": 0,
            "id": 9163
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc28a2bfeb",
            "parentcaller": "0x7ffc28a159ad",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000650"
              }
            ],
            "repeated": 0,
            "id": 9164
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc28a2f616",
            "parentcaller": "0x7ffc28a2bf43",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00000650"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 9165
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc28a2bf7f",
            "parentcaller": "0x7ffc28a15a2d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000650"
              },
              {
                "name": "SubKey",
                "value": "{528c102f-0000-0000-0000-300300000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x00000658"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-300300000000}\\"
              }
            ],
            "repeated": 0,
            "id": 9166
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc28a2bfa7",
            "parentcaller": "0x7ffc28a15a2d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000650"
              }
            ],
            "repeated": 0,
            "id": 9167
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2b16b76b",
            "parentcaller": "0x7ffc2b16b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-300300000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 9168
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc28a2bfeb",
            "parentcaller": "0x7ffc28a15a2d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              }
            ],
            "repeated": 0,
            "id": 9169
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc28a15fb2",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000658"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000650"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 9170
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc28a15ffc",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9171
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc28a15ffc",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              },
              {
                "name": "Milliseconds",
                "value": "1000"
              }
            ],
            "repeated": 0,
            "id": 9172
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "11032",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc28a3286f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 9173
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "11032",
            "caller": "0x7ffc28a4a151",
            "parentcaller": "0x7ffc28a327a5",
            "category": "filesystem",
            "api": "GetVolumeNameForVolumeMountPointW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "VolumeMountPoint",
                "value": "\\\\?\\STORAGE#Volume#{e32a9442-5af2-11f1-ae2c-806e6f6e6963}#0000000EDDC00000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\"
              },
              {
                "name": "VolumeName",
                "value": "\\\\?\\Volume{528c102f-0000-0000-0000-c0dd0e000000}\\"
              }
            ],
            "repeated": 0,
            "id": 9174
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc28a1601a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              }
            ],
            "repeated": 0,
            "id": 9175
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc28a2f616",
            "parentcaller": "0x7ffc28a2bf43",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00000658"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 9176
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc28a2bf7f",
            "parentcaller": "0x7ffc28a159ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000658"
              },
              {
                "name": "SubKey",
                "value": "{528c102f-0000-0000-0000-c0dd0e000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x000005f0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-c0dd0e000000}\\"
              }
            ],
            "repeated": 0,
            "id": 9177
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc28a2bfa7",
            "parentcaller": "0x7ffc28a159ad",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              }
            ],
            "repeated": 0,
            "id": 9178
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2b16b76b",
            "parentcaller": "0x7ffc2b16b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              },
              {
                "name": "ValueName",
                "value": "Data"
              },
              {
                "name": "Data",
                "value": "\\xd6\r\\x00\\x00\r\\xf0\\xad\\xba\\x01\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\x06\\xe7\\x03\\xff\\x00\\x00\\x00\\x16\\x00\\x00\\x00\\x9d\\x7f\\xd7`\\x1e\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00O\\x00R\\x00A\\x00G\\x00E\\x00#\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00#\\x00{\\x00e\\x003\\x002\\x00a\\x009\\x004\\x004\\x002\\x00-\\x005\\x00a\\x00f\\x002\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x00a\\x00e\\x002\\x00c\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00#\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00E\\x00D\\x00D\\x00C\\x000\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\
x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-c0dd0e000000}\\Data"
              }
            ],
            "repeated": 0,
            "id": 9179
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc28a2bfeb",
            "parentcaller": "0x7ffc28a159ad",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 9180
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc28a2f616",
            "parentcaller": "0x7ffc28a2bf43",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x000005f0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 9181
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc28a2bf7f",
            "parentcaller": "0x7ffc28a15a2d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000005f0"
              },
              {
                "name": "SubKey",
                "value": "{528c102f-0000-0000-0000-c0dd0e000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x00000658"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-c0dd0e000000}\\"
              }
            ],
            "repeated": 0,
            "id": 9182
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc28a2bfa7",
            "parentcaller": "0x7ffc28a15a2d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 9183
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2b16b76b",
            "parentcaller": "0x7ffc2b16b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-c0dd0e000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 9184
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc28a2bfeb",
            "parentcaller": "0x7ffc28a15a2d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              }
            ],
            "repeated": 0,
            "id": 9185
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc28a15fb2",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000658"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000005f0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 9186
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc28a15ffc",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9187
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc28a15ffc",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              },
              {
                "name": "Milliseconds",
                "value": "1000"
              }
            ],
            "repeated": 0,
            "id": 9188
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "11032",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc28a3286f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000650"
              }
            ],
            "repeated": 0,
            "id": 9189
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "11032",
            "caller": "0x7ffc28a4a151",
            "parentcaller": "0x7ffc28a327a5",
            "category": "filesystem",
            "api": "GetVolumeNameForVolumeMountPointW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "VolumeMountPoint",
                "value": "\\\\?\\SCSI#CdRom&Ven_<WOOT>&Prod_HL-PQ-SV_WB8#4&35424867&0&010000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\"
              },
              {
                "name": "VolumeName",
                "value": "\\\\?\\Volume{e32a94c0-5af2-11f1-ae2c-806e6f6e6963}\\"
              }
            ],
            "repeated": 0,
            "id": 9190
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc28a1601a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              }
            ],
            "repeated": 0,
            "id": 9191
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc28a2f616",
            "parentcaller": "0x7ffc28a2bf43",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00000658"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 9192
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc28a2bf7f",
            "parentcaller": "0x7ffc28a159ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000658"
              },
              {
                "name": "SubKey",
                "value": "{e32a94c0-5af2-11f1-ae2c-806e6f6e6963}\\"
              },
              {
                "name": "Handle",
                "value": "0x00000650"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e32a94c0-5af2-11f1-ae2c-806e6f6e6963}\\"
              }
            ],
            "repeated": 0,
            "id": 9193
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc28a2bfa7",
            "parentcaller": "0x7ffc28a159ad",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              }
            ],
            "repeated": 0,
            "id": 9194
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2b16b76b",
            "parentcaller": "0x7ffc2b16b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000650"
              },
              {
                "name": "ValueName",
                "value": "Data"
              },
              {
                "name": "Data",
                "value": "\\xd6\r\\x00\\x00\r\\xf0\\xad\\xba\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x80#\\x00\\x00\\x00\\x07\\x02H\\x01\\xfe\\x00\\x00\\x00\\x11\\x00\\x00\\x00x\\x00'\\xca\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00C\\x00S\\x00I\\x00#\\x00C\\x00d\\x00R\\x00o\\x00m\\x00&\\x00V\\x00e\\x00n\\x00_\\x00<\\x00W\\x00O\\x00O\\x00T\\x00>\\x00&\\x00P\\x00r\\x00o\\x00d\\x00_\\x00H\\x00L\\x00-\\x00P\\x00Q\\x00-\\x00S\\x00V\\x00_\\x00W\\x00B\\x008\\x00#\\x004\\x00&\\x003\\x005\\x004\\x002\\x004\\x008\\x006\\x007\\x00&\\x000\\x00&\\x000\\x001\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00
\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e32a94c0-5af2-11f1-ae2c-806e6f6e6963}\\Data"
              }
            ],
            "repeated": 0,
            "id": 9195
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc28a2bfeb",
            "parentcaller": "0x7ffc28a159ad",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000650"
              }
            ],
            "repeated": 0,
            "id": 9196
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc28a2f616",
            "parentcaller": "0x7ffc28a2bf43",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00000650"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 9197
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc28a2bf7f",
            "parentcaller": "0x7ffc28a15a2d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000650"
              },
              {
                "name": "SubKey",
                "value": "{e32a94c0-5af2-11f1-ae2c-806e6f6e6963}\\"
              },
              {
                "name": "Handle",
                "value": "0x00000658"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e32a94c0-5af2-11f1-ae2c-806e6f6e6963}\\"
              }
            ],
            "repeated": 0,
            "id": 9198
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc28a2bfa7",
            "parentcaller": "0x7ffc28a15a2d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000650"
              }
            ],
            "repeated": 0,
            "id": 9199
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2b16b76b",
            "parentcaller": "0x7ffc2b16b5e2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e32a94c0-5af2-11f1-ae2c-806e6f6e6963}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 9200
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc28a2bfeb",
            "parentcaller": "0x7ffc28a15a2d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              }
            ],
            "repeated": 0,
            "id": 9201
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000658"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9202
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2ad9f54e",
            "parentcaller": "0x7ffc28a1620d",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000658"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x005\\x002\\x008\\x00c\\x001\\x000\\x002\\x00f\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x001\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9203
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2ad9f55e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              }
            ],
            "repeated": 0,
            "id": 9204
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000658"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9205
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2ad9f54e",
            "parentcaller": "0x7ffc28a1626d",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000658"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x005\\x002\\x008\\x00c\\x001\\x000\\x002\\x00f\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x001\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9206
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2ad9f55e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              }
            ],
            "repeated": 0,
            "id": 9207
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000658"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9208
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2ad9f54e",
            "parentcaller": "0x7ffc28a1620d",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000658"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x005\\x002\\x008\\x00c\\x001\\x000\\x002\\x00f\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x003\\x000\\x000\\x003\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x08\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9209
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2ad9f6dd",
            "parentcaller": "0x7ffc28a1620d",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000658"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x005\\x002\\x008\\x00c\\x001\\x000\\x002\\x00f\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x003\\x000\\x000\\x003\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x08\\x00\\x00\\x00C\\x00:\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9210
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2ad9f55e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              }
            ],
            "repeated": 0,
            "id": 9211
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000658"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9212
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2ad9f54e",
            "parentcaller": "0x7ffc28a1626d",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000658"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x005\\x002\\x008\\x00c\\x001\\x000\\x002\\x00f\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x003\\x000\\x000\\x003\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x08\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9213
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2ad9f6dd",
            "parentcaller": "0x7ffc28a1626d",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000658"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x005\\x002\\x008\\x00c\\x001\\x000\\x002\\x00f\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x003\\x000\\x000\\x003\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x08\\x00\\x00\\x00C\\x00:\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9214
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2ad9f55e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              }
            ],
            "repeated": 0,
            "id": 9215
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2adc026b",
            "parentcaller": "0x7ffc2896956d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000658"
              }
            ],
            "repeated": 0,
            "id": 9216
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2ad854eb",
            "parentcaller": "0x7ffc2896a4ff",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": " m\\x81\\x93g\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9217
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc28969591",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              }
            ],
            "repeated": 0,
            "id": 9218
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000658"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9219
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2ad9f54e",
            "parentcaller": "0x7ffc28a1620d",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000658"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x005\\x002\\x008\\x00c\\x001\\x000\\x002\\x00f\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x00c\\x000\\x00d\\x00d\\x000\\x00e\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9220
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2ad9f55e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              }
            ],
            "repeated": 0,
            "id": 9221
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000658"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9222
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2ad9f54e",
            "parentcaller": "0x7ffc28a1626d",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000658"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x005\\x002\\x008\\x00c\\x001\\x000\\x002\\x00f\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x00c\\x000\\x00d\\x00d\\x000\\x00e\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9223
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2ad9f55e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              }
            ],
            "repeated": 0,
            "id": 9224
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000658"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9225
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2ad9f54e",
            "parentcaller": "0x7ffc28a1620d",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000658"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x00e\\x003\\x002\\x00a\\x009\\x004\\x00c\\x000\\x00-\\x005\\x00a\\x00f\\x002\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x00a\\x00e\\x002\\x00c\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x08\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9226
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2ad9f6dd",
            "parentcaller": "0x7ffc28a1620d",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000658"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x00e\\x003\\x002\\x00a\\x009\\x004\\x00c\\x000\\x00-\\x005\\x00a\\x00f\\x002\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x00a\\x00e\\x002\\x00c\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x08\\x00\\x00\\x00D\\x00:\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9227
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2ad9f55e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              }
            ],
            "repeated": 0,
            "id": 9228
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2ad86579",
            "parentcaller": "0x7ffc2ad85fe6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000658"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9229
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2ad9f54e",
            "parentcaller": "0x7ffc28a1626d",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000658"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x00e\\x003\\x002\\x00a\\x009\\x004\\x00c\\x000\\x00-\\x005\\x00a\\x00f\\x002\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x00a\\x00e\\x002\\x00c\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x08\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9230
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2ad9f6dd",
            "parentcaller": "0x7ffc28a1626d",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000658"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x00e\\x003\\x002\\x00a\\x009\\x004\\x00c\\x000\\x00-\\x005\\x00a\\x00f\\x002\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x00a\\x00e\\x002\\x00c\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x08\\x00\\x00\\x00D\\x00:\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9231
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc2ad9f55e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              }
            ],
            "repeated": 0,
            "id": 9232
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2adc026b",
            "parentcaller": "0x7ffc2896956d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000658"
              }
            ],
            "repeated": 0,
            "id": 9233
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2ad854eb",
            "parentcaller": "0x7ffc2896a4ff",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": " m\\x81\\x93g\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9234
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc28969591",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              }
            ],
            "repeated": 0,
            "id": 9235
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2b480e98",
            "parentcaller": "0x7ffc2b4fb785",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000204e6"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 9236
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12440",
            "caller": "0x7ff7299e39d5",
            "parentcaller": "0x7ff7299e3953",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9237
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12440",
            "caller": "0x7ff7299e39d5",
            "parentcaller": "0x7ff7299e3953",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ac"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9238
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "12948",
            "caller": "0x7ffc2b480e98",
            "parentcaller": "0x7ffc2b4fb785",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000204e6"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 9239
          },
          {
            "timestamp": "2026-05-28 21:44:23,322",
            "thread_id": "11032",
            "caller": "0x7ffc2ad86785",
            "parentcaller": "0x7ffc28a3286f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 9240
          },
          {
            "timestamp": "2026-05-28 21:44:23,494",
            "thread_id": "10832",
            "caller": "0x7ff7299f45b1",
            "parentcaller": "0x7ff7299f3e56",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "524"
              },
              {
                "name": "ProcessName",
                "value": "C:\\Windows\\System32\\csrss.exe"
              }
            ],
            "repeated": 0,
            "id": 9241
          },
          {
            "timestamp": "2026-05-28 21:44:23,494",
            "thread_id": "10832",
            "caller": "0x7ff7299f3ebb",
            "parentcaller": "0x7ff7299f2d53",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 9242
          },
          {
            "timestamp": "2026-05-28 21:44:23,494",
            "thread_id": "10832",
            "caller": "0x7ff7299f45b1",
            "parentcaller": "0x7ff7299f3ffc",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "524"
              },
              {
                "name": "ProcessName",
                "value": "C:\\Windows\\System32\\csrss.exe"
              }
            ],
            "repeated": 0,
            "id": 9243
          },
          {
            "timestamp": "2026-05-28 21:44:23,494",
            "thread_id": "10832",
            "caller": "0x7ff7299f4224",
            "parentcaller": "0x7ff7299f2da5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 9244
          },
          {
            "timestamp": "2026-05-28 21:44:23,494",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26790da0002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\csrss.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 9245
          },
          {
            "timestamp": "2026-05-28 21:44:23,494",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              }
            ],
            "repeated": 0,
            "id": 9246
          },
          {
            "timestamp": "2026-05-28 21:44:23,494",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\csrss.exe.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 9247
          },
          {
            "timestamp": "2026-05-28 21:44:23,494",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000005cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\csrss.exe.mui"
              }
            ],
            "repeated": 0,
            "id": 9248
          },
          {
            "timestamp": "2026-05-28 21:44:23,494",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793cd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed1947cdf0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9249
          },
          {
            "timestamp": "2026-05-28 21:44:23,494",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d0"
              }
            ],
            "repeated": 0,
            "id": 9250
          },
          {
            "timestamp": "2026-05-28 21:44:23,494",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793cd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 9251
          },
          {
            "timestamp": "2026-05-28 21:44:23,494",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 9252
          },
          {
            "timestamp": "2026-05-28 21:44:23,494",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26790da0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              }
            ],
            "repeated": 0,
            "id": 9253
          },
          {
            "timestamp": "2026-05-28 21:44:23,494",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26790da0002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\csrss.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 9254
          },
          {
            "timestamp": "2026-05-28 21:44:23,494",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              }
            ],
            "repeated": 0,
            "id": 9255
          },
          {
            "timestamp": "2026-05-28 21:44:23,494",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\csrss.exe.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 9256
          },
          {
            "timestamp": "2026-05-28 21:44:23,494",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000005cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\csrss.exe.mui"
              }
            ],
            "repeated": 0,
            "id": 9257
          },
          {
            "timestamp": "2026-05-28 21:44:23,494",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793cd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed1947cde0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9258
          },
          {
            "timestamp": "2026-05-28 21:44:23,494",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d0"
              }
            ],
            "repeated": 0,
            "id": 9259
          },
          {
            "timestamp": "2026-05-28 21:44:23,494",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793cd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 9260
          },
          {
            "timestamp": "2026-05-28 21:44:23,494",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 9261
          },
          {
            "timestamp": "2026-05-28 21:44:23,494",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26790da0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              }
            ],
            "repeated": 0,
            "id": 9262
          },
          {
            "timestamp": "2026-05-28 21:44:23,494",
            "thread_id": "10832",
            "caller": "0x7ff7299f45b1",
            "parentcaller": "0x7ff7299f38f8",
            "category": "process",
            "api": "NtOpenProcess",
            "status": false,
            "return": "0xffffffffc0000022",
            "pretty_return": "ACCESS_DENIED",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x7ffc2ad7ad9e"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001410",
                "pretty_value": "PROCESS_VM_READ|PROCESS_QUERY_INFORMATION|PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "524"
              }
            ],
            "repeated": 0,
            "id": 9263
          },
          {
            "timestamp": "2026-05-28 21:44:23,494",
            "thread_id": "10832",
            "caller": "0x7ff7299f45b1",
            "parentcaller": "0x7ff7299f3746",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "524"
              },
              {
                "name": "ProcessName",
                "value": "C:\\Windows\\System32\\csrss.exe"
              }
            ],
            "repeated": 0,
            "id": 9264
          },
          {
            "timestamp": "2026-05-28 21:44:23,494",
            "thread_id": "10832",
            "caller": "0x7ff7299f472e",
            "parentcaller": "0x7ff7299f375e",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005d0"
              }
            ],
            "repeated": 0,
            "id": 9265
          },
          {
            "timestamp": "2026-05-28 21:44:23,494",
            "thread_id": "10832",
            "caller": "0x7ff7299f4764",
            "parentcaller": "0x7ff7299f375e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9266
          },
          {
            "timestamp": "2026-05-28 21:44:23,494",
            "thread_id": "10832",
            "caller": "0x7ff7299f47ed",
            "parentcaller": "0x7ff7299f375e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xc0\\xe4}\\x93g\\x02\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xe8\\xe4}\\x93g\\x02\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\xe5}\\x93g\\x02\\x00\\x00T\\x00S\\x00A\\x00:\\x00/\\x00/\\x00P\\x00r\\x00o\\x00c\\x00U\\x00n\\x00i\\x00q\\x00u\\x00e\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01Y\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9267
          },
          {
            "timestamp": "2026-05-28 21:44:23,494",
            "thread_id": "10832",
            "caller": "0x7ff7299f488d",
            "parentcaller": "0x7ff7299f375e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d0"
              }
            ],
            "repeated": 0,
            "id": 9268
          },
          {
            "timestamp": "2026-05-28 21:44:23,494",
            "thread_id": "10832",
            "caller": "0x7ff7299f3779",
            "parentcaller": "0x7ff7299f31c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 9269
          },
          {
            "timestamp": "2026-05-28 21:44:23,494",
            "thread_id": "10832",
            "caller": "0x7ff7299f05ac",
            "parentcaller": "0x7ff7299edc11",
            "category": "process",
            "api": "NtOpenProcess",
            "status": false,
            "return": "0xffffffffc0000022",
            "pretty_return": "ACCESS_DENIED",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x2678d95a2f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001400",
                "pretty_value": "PROCESS_QUERY_INFORMATION|PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "624"
              }
            ],
            "repeated": 0,
            "id": 9270
          },
          {
            "timestamp": "2026-05-28 21:44:23,619",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\propsys.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc27140000"
              }
            ],
            "repeated": 0,
            "id": 9271
          },
          {
            "timestamp": "2026-05-28 21:44:23,619",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1F486A52-3CB1-48FD-8F50-B8DC300D9F9D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "ECF31D61-E474-453C-BEE7-DE68E441C6D0"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9272
          },
          {
            "timestamp": "2026-05-28 21:44:23,619",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0xfffffffc"
              }
            ],
            "repeated": 1,
            "id": 9273
          },
          {
            "timestamp": "2026-05-28 21:44:23,619",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Local\\C:*Users*admin*AppData*Local*Microsoft*Windows*Caches*cversions.1"
              }
            ],
            "repeated": 0,
            "id": 9274
          },
          {
            "timestamp": "2026-05-28 21:44:23,619",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Local\\C:*Users*admin*AppData*Local*Microsoft*Windows*Caches*cversions.1.ro"
              }
            ],
            "repeated": 0,
            "id": 9275
          },
          {
            "timestamp": "2026-05-28 21:44:23,619",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0xfffffffc"
              }
            ],
            "repeated": 0,
            "id": 9276
          },
          {
            "timestamp": "2026-05-28 21:44:23,619",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Caches"
              }
            ],
            "repeated": 0,
            "id": 9277
          },
          {
            "timestamp": "2026-05-28 21:44:23,619",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2722f000"
              },
              {
                "name": "ModuleName",
                "value": "propsys.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9278
          },
          {
            "timestamp": "2026-05-28 21:44:23,619",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2722f000"
              },
              {
                "name": "ModuleName",
                "value": "propsys.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9279
          },
          {
            "timestamp": "2026-05-28 21:44:23,619",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000650"
              }
            ],
            "repeated": 0,
            "id": 9280
          },
          {
            "timestamp": "2026-05-28 21:44:23,619",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9281
          },
          {
            "timestamp": "2026-05-28 21:44:23,619",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00,~\\x93g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9282
          },
          {
            "timestamp": "2026-05-28 21:44:23,619",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000650"
              }
            ],
            "repeated": 0,
            "id": 9283
          },
          {
            "timestamp": "2026-05-28 21:44:23,619",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000650"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Caches"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 9284
          },
          {
            "timestamp": "2026-05-28 21:44:23,619",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000650"
              }
            ],
            "repeated": 0,
            "id": 9285
          },
          {
            "timestamp": "2026-05-28 21:44:23,619",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2722f000"
              },
              {
                "name": "ModuleName",
                "value": "propsys.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9286
          },
          {
            "timestamp": "2026-05-28 21:44:23,619",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2722f000"
              },
              {
                "name": "ModuleName",
                "value": "propsys.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9287
          },
          {
            "timestamp": "2026-05-28 21:44:23,619",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000650"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Caches"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 9288
          },
          {
            "timestamp": "2026-05-28 21:44:23,619",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000650"
              }
            ],
            "repeated": 0,
            "id": 9289
          },
          {
            "timestamp": "2026-05-28 21:44:23,619",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f01ff"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000650"
              }
            ],
            "repeated": 0,
            "id": 9290
          },
          {
            "timestamp": "2026-05-28 21:44:23,619",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\x12\\x13\\x00\\x00\\x00\\x00\\x00\\xdb7\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\xa4-\\x13\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9291
          },
          {
            "timestamp": "2026-05-28 21:44:23,619",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "Hpw\\x93g\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9292
          },
          {
            "timestamp": "2026-05-28 21:44:23,619",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "pqw\\x93g\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00m\\x00u\\x00"
              }
            ],
            "repeated": 0,
            "id": 9293
          },
          {
            "timestamp": "2026-05-28 21:44:23,619",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9294
          },
          {
            "timestamp": "2026-05-28 21:44:23,619",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\xcc\\x7f\\x93g\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9295
          },
          {
            "timestamp": "2026-05-28 21:44:23,619",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9296
          },
          {
            "timestamp": "2026-05-28 21:44:23,619",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "Hsw\\x93g\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9b6\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 9297
          },
          {
            "timestamp": "2026-05-28 21:44:23,619",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X@j\\x14\\xfc\\x7f\\x00\\x00\\xebPB\\x14\\xfc\\x7f\\x00\\x00\\xdf~\\x85:\\x97\\xb6\\x00\\x00(Nf\\x14\\xfc\\x7f\\x00\\x00\\x00\\xbdo\\x19\\xed\\x00\\x00\\x00\\xf8\\xbco\\x19\\xed\\x00\\x00\\x00\\xc8\\xbco\\x19\\xed\\x00\\x00\\x00\\xe8\\xbco\\x19"
              }
            ],
            "repeated": 0,
            "id": 9298
          },
          {
            "timestamp": "2026-05-28 21:44:23,619",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@sw\\x93g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd9\\xd8C\\x14\\xfc\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xe8\\xbao\\x19\\xed\\x00\\x00\\x00P\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x001\\xed\\xfb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x86\\xa2f\\x14"
              }
            ],
            "repeated": 0,
            "id": 9299
          },
          {
            "timestamp": "2026-05-28 21:44:23,619",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\x12\\x13\\x00\\x00\\x00\\x00\\x00\\xdb7\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\xa4-\\x13\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9300
          },
          {
            "timestamp": "2026-05-28 21:44:23,619",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8pw\\x93g\\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9301
          },
          {
            "timestamp": "2026-05-28 21:44:23,619",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "pnw\\x93g\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00m\\x00u\\x00"
              }
            ],
            "repeated": 0,
            "id": 9302
          },
          {
            "timestamp": "2026-05-28 21:44:23,619",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9303
          },
          {
            "timestamp": "2026-05-28 21:44:23,619",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8\\xcc\\x7f\\x93g\\x02\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9304
          },
          {
            "timestamp": "2026-05-28 21:44:23,619",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9305
          },
          {
            "timestamp": "2026-05-28 21:44:23,619",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8I\\x9a\\x8dg\\x02\\x00\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9b6\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 9306
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X@j\\x14\\xfc\\x7f\\x00\\x00\\xebPB\\x14\\xfc\\x7f\\x00\\x00\\xbfz\\x85:\\x97\\xb6\\x00\\x00(Nf\\x14\\xfc\\x7f\\x00\\x00`\\xb9o\\x19\\xed\\x00\\x00\\x00X\\xb9o\\x19\\xed\\x00\\x00\\x00(\\xb9o\\x19\\xed\\x00\\x00\\x00H\\xb9o\\x19"
              }
            ],
            "repeated": 0,
            "id": 9307
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0I\\x9a\\x8dg\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd9\\xd8C\\x14\\xfc\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00H\\xb7o\\x19\\xed\\x00\\x00\\x00P\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x001\\xed\\xfb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x86\\xa2f\\x14"
              }
            ],
            "repeated": 0,
            "id": 9308
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000650"
              }
            ],
            "repeated": 0,
            "id": 9309
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000650"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9310
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000638"
              }
            ],
            "repeated": 0,
            "id": 9311
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9312
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@!~\\x93g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9313
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000638"
              }
            ],
            "repeated": 0,
            "id": 9314
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000638"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": "Local\\C:*Users*admin*AppData*Local*Microsoft*Windows*Caches*cversions.1.ro"
              },
              {
                "name": "FileHandle",
                "value": "0x00000650"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db"
              }
            ],
            "repeated": 0,
            "id": 9315
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000650"
              }
            ],
            "repeated": 0,
            "id": 9316
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000638"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26790da0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed196fbfc0"
              },
              {
                "name": "ViewSize",
                "value": "0x00004000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9317
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Local\\C:*Users*admin*AppData*Local*Microsoft*Windows*Caches*{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000002.db"
              }
            ],
            "repeated": 0,
            "id": 9318
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000650"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000002.db"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9319
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000650"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000002.db"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00p\\x01\\x00\\x00\\x00\\x00\\x00\\x88m\\x01\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9320
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 9321
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9322
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80)~\\x93g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9323
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 9324
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": "Local\\C:*Users*admin*AppData*Local*Microsoft*Windows*Caches*{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000002.db"
              },
              {
                "name": "FileHandle",
                "value": "0x00000650"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000002.db"
              }
            ],
            "repeated": 0,
            "id": 9325
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000650"
              }
            ],
            "repeated": 0,
            "id": 9326
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000648"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793cd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed196fcf20"
              },
              {
                "name": "ViewSize",
                "value": "0x00017000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9327
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 9328
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0xfffffffc"
              }
            ],
            "repeated": 0,
            "id": 9329
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000638"
              }
            ],
            "repeated": 0,
            "id": 9330
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26790da0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9331
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xea\\x18\\xed\\x00\\x00\\x00\\xc47\\x00\\x00\\x00\\x00\\x00\\x00\\xa8\\x16\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5800"
              }
            ],
            "repeated": 0,
            "id": 9332
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xed18ea4281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              }
            ],
            "repeated": 0,
            "id": 9333
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xed18ea4281"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9334
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000638"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\desktop.ini"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9335
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000638"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xb0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xae\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9336
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000638"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\desktop.ini"
              },
              {
                "name": "Buffer",
                "value": "\\xff\\xfe\r\\x00\n\\x00[\\x00.\\x00S\\x00h\\x00e\\x00l\\x00l\\x00C\\x00l\\x00a\\x00s\\x00s\\x00I\\x00n\\x00f\\x00o\\x00]\\x00\r\\x00\n\\x00L\\x00o\\x00c\\x00a\\x00l\\x00i\\x00z\\x00e\\x00d\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00N\\x00a\\x00m\\x00e\\x00=\\x00@\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00s\\x00h\\x00e\\x00l\\x00l\\x003\\x002\\x00.\\x00d\\x00l\\x00l\\x00,\\x00-\\x002\\x001\\x008\\x001\\x003\\x00\r\\x00\n\\x00"
              },
              {
                "name": "Length",
                "value": "174"
              }
            ],
            "repeated": 0,
            "id": 9337
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000638"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "-j\\xb5\\xc9\\xde\\xac\\xd5\\x018\\xe5\\xfb%\\xeb\\xee\\xdc\\x01\\xb8\\x818{\\xde\\xac\\xd5\\x01e\\x9e\\x95\\xc2\\xf8\\xee\\xdc\\x01&\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9338
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000638"
              }
            ],
            "repeated": 0,
            "id": 9339
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9340
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000638"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000006"
              },
              {
                "name": "ObjectAttributes",
                "value": "Global\\windows_shell_global_counters"
              }
            ],
            "repeated": 0,
            "id": 9341
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000638"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26790da0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed196fce40"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9342
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xea\\x18\\xed\\x00\\x00\\x00\\xc47\\x00\\x00\\x00\\x00\\x00\\x00\\xa8\\x16\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5800"
              }
            ],
            "repeated": 0,
            "id": 9343
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xed18ea4281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              }
            ],
            "repeated": 0,
            "id": 9344
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xed18ea4281"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9345
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9346
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000648"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9347
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000648"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf4a\\xd0\\x9c\\xb6\\xee\\xdc\\x01\\x97\\xf5\\xb7\\xc2\\xea\\xee\\xdc\\x01\\x9fj\"s\\x02\\xef\\xdc\\x01\\x9fj\"s\\x02\\xef\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x004\\x9a\\x01\\x00\\x00\\x00\\x04\\x00a\\x00d\\x00m\\x00i\\x00n\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 9348
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 9349
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9350
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9351
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000648"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9352
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000648"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00R \\xd6\\x9c\\xb6\\xee\\xdc\\x01\\x97\\xf5\\xb7\\xc2\\xea\\xee\\xdc\\x01n\\xbc\\xe2\\x9c\\xb6\\xee\\xdc\\x01n\\xbc\\xe2\\x9c\\xb6\\xee\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\xa5\\x01\\x00\\x00\\x00\\x03\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 9353
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 9354
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9355
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000648"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9356
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000648"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\xbd\\xd6\\x9c\\xb6\\xee\\xdc\\x01\\xe8\\x93\\x17\\xc5\\xea\\xee\\xdc\\x01\\xde\\x8d\\x85=\\x02\\xef\\xdc\\x01\\xde\\x8d\\x85=\\x02\\xef\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x001\\xa6\\x01\\x00\\x00\\x00\\x02\\x00L\\x00o\\x00c\\x00a\\x00l\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 9357
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 9358
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2679381b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9359
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9360
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000648"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData\\Local"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9361
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000648"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\xbd\\xd6\\x9c\\xb6\\xee\\xdc\\x01E\\xc5\\xeb\\xc5\\xea\\xee\\xdc\\x01\\x8d\\xff[\\xc0\\xb8\\xee\\xdc\\x01\\x8d\\xff[\\xc0\\xb8\\xee\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00M\\x00I\\x00C\\x00R\\x00O\\x00S\\x00~\\x001\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x003\\xa6\\x01\\x00\\x00\\x00\\x02\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 9362
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 9363
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9364
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000648"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9365
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000648"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\xbd\\xd6\\x9c\\xb6\\xee\\xdc\\x01{\\x7f\\x9e$\\xeb\\xee\\xdc\\x01)S:q\\xb7\\xee\\xdc\\x01)S:q\\xb7\\xee\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x16\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00W\\x00I\\x00N\\x00D\\x00O\\x00W\\x00~\\x001\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x004\\xa6\\x01\\x00\\x00\\x00\\x02\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00A\\x00p\\x00p\\x00s\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\WindowsApps"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 9366
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 9367
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xea\\x18\\xed\\x00\\x00\\x00\\xc47\\x00\\x00\\x00\\x00\\x00\\x00\\xa8\\x16\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5800"
              }
            ],
            "repeated": 0,
            "id": 9368
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xed18ea4281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              }
            ],
            "repeated": 0,
            "id": 9369
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xed18ea4281"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9370
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000001"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\WindowsApps\\desktop.ini"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9371
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9372
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xea\\x18\\xed\\x00\\x00\\x00\\xc47\\x00\\x00\\x00\\x00\\x00\\x00\\xa8\\x16\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5800"
              }
            ],
            "repeated": 0,
            "id": 9373
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xed18ea4281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              }
            ],
            "repeated": 0,
            "id": 9374
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xed18ea4281"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9375
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\WindowsApps"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9376
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000648"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\WindowsApps"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9377
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000648"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9fI\\xbe\\xb1\\xb6\\xee\\xdc\\x01\\x19\\x048q\\xb7\\xee\\xdc\\x01\\x19\\x048q\\xb7\\xee\\xdc\\x01\\x19\\x048q\\xb7\\xee\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x04\\x00\\x00\\x14\\x00\\x00\\x00\\x1b\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\xa9\\x01\\x00\\x00\\x00\\x03\\x00p\\x00y\\x00t\\x00h\\x00o\\x00n\\x00.\\x00e\\x00x\\x00e\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\WindowsApps\\python.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 9378
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 9379
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9380
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 9381
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "DontShowSuperHidden"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DontShowSuperHidden"
              }
            ],
            "repeated": 0,
            "id": 9382
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 9383
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 9384
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000598"
              },
              {
                "name": "SubKey",
                "value": ""
              },
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\"
              }
            ],
            "repeated": 0,
            "id": 9385
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "ShellState"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellState"
              }
            ],
            "repeated": 0,
            "id": 9386
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "ShellState"
              },
              {
                "name": "Data",
                "value": "$\\x00\\x00\\x004(\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x13\\x00\\x00\\x00\\x00\\x00\\x00\\x00b\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellState"
              }
            ],
            "repeated": 0,
            "id": 9387
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 9388
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 9389
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "NoWebView"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoWebView"
              }
            ],
            "repeated": 0,
            "id": 9390
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 9391
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 9392
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 9393
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "ClassicShell"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ClassicShell"
              }
            ],
            "repeated": 0,
            "id": 9394
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 9395
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 9396
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 9397
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "SeparateProcess"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\SeparateProcess"
              }
            ],
            "repeated": 0,
            "id": 9398
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 9399
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 9400
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 9401
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "NoNetCrawling"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNetCrawling"
              }
            ],
            "repeated": 0,
            "id": 9402
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 9403
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 9404
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000598"
              },
              {
                "name": "SubKey",
                "value": "Advanced"
              },
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
              }
            ],
            "repeated": 0,
            "id": 9405
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "Hidden"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden"
              }
            ],
            "repeated": 0,
            "id": 9406
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "ShowCompColor"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowCompColor"
              }
            ],
            "repeated": 0,
            "id": 9407
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "HideFileExt"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideFileExt"
              }
            ],
            "repeated": 0,
            "id": 9408
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "DontPrettyPath"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\DontPrettyPath"
              }
            ],
            "repeated": 0,
            "id": 9409
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "ShowInfoTip"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowInfoTip"
              }
            ],
            "repeated": 0,
            "id": 9410
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "HideIcons"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideIcons"
              }
            ],
            "repeated": 0,
            "id": 9411
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "MapNetDrvBtn"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\MapNetDrvBtn"
              }
            ],
            "repeated": 0,
            "id": 9412
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "WebView"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\WebView"
              }
            ],
            "repeated": 0,
            "id": 9413
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "Filter"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Filter"
              }
            ],
            "repeated": 0,
            "id": 9414
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "ShowSuperHidden"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowSuperHidden"
              }
            ],
            "repeated": 0,
            "id": 9415
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "SeparateProcess"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\SeparateProcess"
              }
            ],
            "repeated": 0,
            "id": 9416
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d0f93b0"
              }
            ],
            "repeated": 0,
            "id": 9417
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d18fc40"
              }
            ],
            "repeated": 0,
            "id": 9418
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d132460"
              }
            ],
            "repeated": 0,
            "id": 9419
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d16fa30"
              }
            ],
            "repeated": 0,
            "id": 9420
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d14cbd0"
              }
            ],
            "repeated": 0,
            "id": 9421
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000650"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:14276:304:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9422
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000650"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 9423
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9424
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9425
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9426
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000660"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9427
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000660"
              }
            ],
            "repeated": 0,
            "id": 9428
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065c"
              }
            ],
            "repeated": 0,
            "id": 9429
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000650"
              }
            ],
            "repeated": 0,
            "id": 9430
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000650"
              }
            ],
            "repeated": 0,
            "id": 9431
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "NoNetCrawling"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\NoNetCrawling"
              }
            ],
            "repeated": 0,
            "id": 9432
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "AutoCheckSelect"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\AutoCheckSelect"
              }
            ],
            "repeated": 0,
            "id": 9433
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "IconsOnly"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\IconsOnly"
              }
            ],
            "repeated": 0,
            "id": 9434
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "ShowTypeOverlay"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowTypeOverlay"
              }
            ],
            "repeated": 0,
            "id": 9435
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "ValueName",
                "value": "ShowStatusBar"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowStatusBar"
              }
            ],
            "repeated": 0,
            "id": 9436
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 9437
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 9438
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9439
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9440
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 9441
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Directory"
              },
              {
                "name": "Handle",
                "value": "0x0000064a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Directory"
              }
            ],
            "repeated": 0,
            "id": 9442
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000064a"
              },
              {
                "name": "SubKey",
                "value": "ShellEx\\IconHandler"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\ShellEx\\IconHandler"
              }
            ],
            "repeated": 0,
            "id": 9443
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Folder"
              },
              {
                "name": "Handle",
                "value": "0x0000065e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Folder"
              }
            ],
            "repeated": 0,
            "id": 9444
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000065e"
              },
              {
                "name": "SubKey",
                "value": "ShellEx\\IconHandler"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\ShellEx\\IconHandler"
              }
            ],
            "repeated": 0,
            "id": 9445
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "AllFilesystemObjects"
              },
              {
                "name": "Handle",
                "value": "0x00000662"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\AllFilesystemObjects"
              }
            ],
            "repeated": 0,
            "id": 9446
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000662"
              },
              {
                "name": "SubKey",
                "value": "ShellEx\\IconHandler"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\ShellEx\\IconHandler"
              }
            ],
            "repeated": 0,
            "id": 9447
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064a"
              },
              {
                "name": "ValueName",
                "value": "DocObject"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 9448
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000064a"
              },
              {
                "name": "SubKey",
                "value": "DocObject"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 9449
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065e"
              },
              {
                "name": "ValueName",
                "value": "DocObject"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 9450
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000065e"
              },
              {
                "name": "SubKey",
                "value": "DocObject"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 9451
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000662"
              },
              {
                "name": "ValueName",
                "value": "DocObject"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 9452
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000662"
              },
              {
                "name": "SubKey",
                "value": "DocObject"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 9453
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064a"
              },
              {
                "name": "ValueName",
                "value": "BrowseInPlace"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 9454
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000064a"
              },
              {
                "name": "SubKey",
                "value": "BrowseInPlace"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 9455
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065e"
              },
              {
                "name": "ValueName",
                "value": "BrowseInPlace"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 9456
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000065e"
              },
              {
                "name": "SubKey",
                "value": "BrowseInPlace"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 9457
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000662"
              },
              {
                "name": "ValueName",
                "value": "BrowseInPlace"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 9458
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000662"
              },
              {
                "name": "SubKey",
                "value": "BrowseInPlace"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 9459
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000064a"
              },
              {
                "name": "SubKey",
                "value": "Clsid"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\Clsid"
              }
            ],
            "repeated": 0,
            "id": 9460
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000065e"
              },
              {
                "name": "SubKey",
                "value": "Clsid"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\Clsid"
              }
            ],
            "repeated": 0,
            "id": 9461
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000662"
              },
              {
                "name": "SubKey",
                "value": "Clsid"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\Clsid"
              }
            ],
            "repeated": 0,
            "id": 9462
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064a"
              },
              {
                "name": "ValueName",
                "value": "IsShortcut"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\IsShortcut"
              }
            ],
            "repeated": 0,
            "id": 9463
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065e"
              },
              {
                "name": "ValueName",
                "value": "IsShortcut"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\IsShortcut"
              }
            ],
            "repeated": 0,
            "id": 9464
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000662"
              },
              {
                "name": "ValueName",
                "value": "IsShortcut"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\IsShortcut"
              }
            ],
            "repeated": 0,
            "id": 9465
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064a"
              },
              {
                "name": "ValueName",
                "value": "AlwaysShowExt"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\AlwaysShowExt"
              }
            ],
            "repeated": 0,
            "id": 9466
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064a"
              },
              {
                "name": "ValueName",
                "value": "NeverShowExt"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\NeverShowExt"
              }
            ],
            "repeated": 0,
            "id": 9467
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065e"
              },
              {
                "name": "ValueName",
                "value": "NeverShowExt"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\NeverShowExt"
              }
            ],
            "repeated": 0,
            "id": 9468
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000662"
              },
              {
                "name": "ValueName",
                "value": "NeverShowExt"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\NeverShowExt"
              }
            ],
            "repeated": 0,
            "id": 9469
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064a"
              }
            ],
            "repeated": 0,
            "id": 9470
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065e"
              }
            ],
            "repeated": 0,
            "id": 9471
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5b4",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000662"
              }
            ],
            "repeated": 0,
            "id": 9472
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9473
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc29025000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9474
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap"
              },
              {
                "name": "Handle",
                "value": "0x00000660"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap"
              }
            ],
            "repeated": 0,
            "id": 9475
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000660"
              },
              {
                "name": "ValueName",
                "value": ".exe"
              },
              {
                "name": "Data",
                "value": "program"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap\\.exe"
              }
            ],
            "repeated": 0,
            "id": 9476
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000660"
              }
            ],
            "repeated": 0,
            "id": 9477
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": ".exe"
              },
              {
                "name": "Handle",
                "value": "0x00000662"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\.exe"
              }
            ],
            "repeated": 0,
            "id": 9478
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000662"
              },
              {
                "name": "ValueName",
                "value": "Content Type"
              },
              {
                "name": "Data",
                "value": "application/x-msdownload"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.exe\\Content Type"
              }
            ],
            "repeated": 0,
            "id": 9479
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000662"
              }
            ],
            "repeated": 0,
            "id": 9480
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2722f000"
              },
              {
                "name": "ModuleName",
                "value": "propsys.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9481
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2722f000"
              },
              {
                "name": "ModuleName",
                "value": "propsys.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9482
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2722f000"
              },
              {
                "name": "ModuleName",
                "value": "propsys.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9483
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2722f000"
              },
              {
                "name": "ModuleName",
                "value": "propsys.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9484
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1F486A52-3CB1-48FD-8F50-B8DC300D9F9D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "ECF31D61-E474-453C-BEE7-DE68E441C6D0"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9485
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2679381e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9486
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793820000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9487
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2722f000"
              },
              {
                "name": "ModuleName",
                "value": "propsys.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9488
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2722f000"
              },
              {
                "name": "ModuleName",
                "value": "propsys.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9489
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              }
            ],
            "repeated": 0,
            "id": 9490
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2d0f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2d16fa30"
              }
            ],
            "repeated": 0,
            "id": 9491
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Global\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2"
              }
            ],
            "repeated": 0,
            "id": 9492
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Local\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2"
              }
            ],
            "repeated": 0,
            "id": 9493
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000066c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Global\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro"
              }
            ],
            "repeated": 0,
            "id": 9494
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000066c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793d10000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed196fcdc0"
              },
              {
                "name": "ViewSize",
                "value": "0x00004000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9495
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000670"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Global\\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db"
              }
            ],
            "repeated": 0,
            "id": 9496
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000670"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793d20000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed196fdd20"
              },
              {
                "name": "ViewSize",
                "value": "0x00049000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9497
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2722f000"
              },
              {
                "name": "ModuleName",
                "value": "propsys.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9498
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2722f000"
              },
              {
                "name": "ModuleName",
                "value": "propsys.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9499
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\propsys.dll"
              }
            ],
            "repeated": 1,
            "id": 9500
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\propsys.dll"
              }
            ],
            "repeated": 0,
            "id": 9501
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Global\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2"
              }
            ],
            "repeated": 0,
            "id": 9502
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Local\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2"
              }
            ],
            "repeated": 0,
            "id": 9503
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000674"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Global\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro"
              }
            ],
            "repeated": 0,
            "id": 9504
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000674"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793d70000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed196fce70"
              },
              {
                "name": "ViewSize",
                "value": "0x00004000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9505
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000678"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Global\\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db"
              }
            ],
            "repeated": 0,
            "id": 9506
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000678"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793d80000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed196fddd0"
              },
              {
                "name": "ViewSize",
                "value": "0x0009c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9507
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\propsys.dll"
              }
            ],
            "repeated": 1,
            "id": 9508
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\propsys.dll"
              }
            ],
            "repeated": 0,
            "id": 9509
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              }
            ],
            "repeated": 0,
            "id": 9510
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000067c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\propsys.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 9511
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000680"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x0000067c"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\propsys.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 9512
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000680"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e20000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed196fc9d0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9513
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000680"
              }
            ],
            "repeated": 0,
            "id": 9514
          },
          {
            "timestamp": "2026-05-28 21:44:23,635",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000680"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 9515
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000680"
              },
              {
                "name": "ValueName",
                "value": "AllowFileCLSIDJunctions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\AllowFileCLSIDJunctions"
              }
            ],
            "repeated": 0,
            "id": 9516
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000680"
              }
            ],
            "repeated": 0,
            "id": 9517
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 9518
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000680"
              }
            ],
            "repeated": 0,
            "id": 9519
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9520
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9521
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000680"
              }
            ],
            "repeated": 0,
            "id": 9522
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": ".exe"
              },
              {
                "name": "Handle",
                "value": "0x00000682"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\.exe"
              }
            ],
            "repeated": 0,
            "id": 9523
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000682"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "exefile"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.exe\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 9524
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "exefile"
              },
              {
                "name": "Handle",
                "value": "0x00000686"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\exefile"
              }
            ],
            "repeated": 0,
            "id": 9525
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000686"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\exefile"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 9526
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000686"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9527
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xd8o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00\\x86\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xed\\x00\\x00\\x00\\xe0\\xd9o\\x19\\xed\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9528
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\exefile\\CurVer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\exefile\\CurVer"
              }
            ],
            "repeated": 0,
            "id": 9529
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000686"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9530
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000686"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CurVer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\CurVer"
              }
            ],
            "repeated": 0,
            "id": 9531
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000686"
              },
              {
                "name": "SubKey",
                "value": ""
              },
              {
                "name": "Handle",
                "value": "0x0000068a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\"
              }
            ],
            "repeated": 0,
            "id": 9532
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000686"
              }
            ],
            "repeated": 0,
            "id": 9533
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000068a"
              },
              {
                "name": "SubKey",
                "value": "ShellEx\\IconHandler"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\ShellEx\\IconHandler"
              }
            ],
            "repeated": 0,
            "id": 9534
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "SystemFileAssociations\\.exe"
              },
              {
                "name": "Handle",
                "value": "0x00000686"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\SystemFileAssociations\\.exe"
              }
            ],
            "repeated": 0,
            "id": 9535
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000686"
              },
              {
                "name": "SubKey",
                "value": "ShellEx\\IconHandler"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\ShellEx\\IconHandler"
              }
            ],
            "repeated": 0,
            "id": 9536
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000068a"
              },
              {
                "name": "ValueName",
                "value": "DocObject"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 9537
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000068a"
              },
              {
                "name": "SubKey",
                "value": "DocObject"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 9538
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000686"
              },
              {
                "name": "ValueName",
                "value": "DocObject"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 9539
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000686"
              },
              {
                "name": "SubKey",
                "value": "DocObject"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 9540
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000068a"
              },
              {
                "name": "ValueName",
                "value": "BrowseInPlace"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 9541
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000068a"
              },
              {
                "name": "SubKey",
                "value": "BrowseInPlace"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 9542
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000686"
              },
              {
                "name": "ValueName",
                "value": "BrowseInPlace"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 9543
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000686"
              },
              {
                "name": "SubKey",
                "value": "BrowseInPlace"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 9544
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000682"
              },
              {
                "name": "ValueName",
                "value": "Content Type"
              },
              {
                "name": "Data",
                "value": "application/x-msdownload"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.exe\\Content Type"
              }
            ],
            "repeated": 0,
            "id": 9545
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000068a"
              },
              {
                "name": "SubKey",
                "value": "Clsid"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\Clsid"
              }
            ],
            "repeated": 0,
            "id": 9546
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000686"
              },
              {
                "name": "SubKey",
                "value": "Clsid"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\Clsid"
              }
            ],
            "repeated": 0,
            "id": 9547
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000068a"
              },
              {
                "name": "ValueName",
                "value": "IsShortcut"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\IsShortcut"
              }
            ],
            "repeated": 0,
            "id": 9548
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000686"
              },
              {
                "name": "ValueName",
                "value": "IsShortcut"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\IsShortcut"
              }
            ],
            "repeated": 0,
            "id": 9549
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000068a"
              },
              {
                "name": "ValueName",
                "value": "AlwaysShowExt"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\AlwaysShowExt"
              }
            ],
            "repeated": 0,
            "id": 9550
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000686"
              },
              {
                "name": "ValueName",
                "value": "AlwaysShowExt"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\AlwaysShowExt"
              }
            ],
            "repeated": 0,
            "id": 9551
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000068a"
              },
              {
                "name": "ValueName",
                "value": "NeverShowExt"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\NeverShowExt"
              }
            ],
            "repeated": 0,
            "id": 9552
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000686"
              },
              {
                "name": "ValueName",
                "value": "NeverShowExt"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\NeverShowExt"
              }
            ],
            "repeated": 0,
            "id": 9553
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000682"
              }
            ],
            "repeated": 0,
            "id": 9554
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000068a"
              }
            ],
            "repeated": 0,
            "id": 9555
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e5de",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000686"
              }
            ],
            "repeated": 0,
            "id": 9556
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9d3aa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\WindowsApps\\python.exe"
              }
            ],
            "repeated": 1,
            "id": 9557
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\WindowsApps\\python.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 9558
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000279",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\WindowsApps\\python.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9559
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 9560
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000684"
              },
              {
                "name": "SubKey",
                "value": "{528c102f-0000-0000-0000-300300000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-300300000000}\\"
              }
            ],
            "repeated": 0,
            "id": 9561
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              }
            ],
            "repeated": 0,
            "id": 9562
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-300300000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 9563
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              }
            ],
            "repeated": 0,
            "id": 9564
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000688"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9565
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000688"
              },
              {
                "name": "HandleName",
                "value": "C:\\"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9566
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000688"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x006\\xean:\\xdd\\xac\\xd5\\x01\\x97\\xf5\\xb7\\xc2\\xea\\xee\\xdc\\x01\\x9d\\xa9\\xd1\\xc9\\xb8\\xee\\xdc\\x01\\x9d\\xa9\\xd1\\xc9\\xb8\\xee\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x11\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xee\\x05\\x00\\x00\\x00\\x00\\x01\\x00U\\x00s\\x00e\\x00r\\x00s\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 9567
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              }
            ],
            "repeated": 0,
            "id": 9568
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9569
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000688"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9570
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000688"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9571
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000688"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf4a\\xd0\\x9c\\xb6\\xee\\xdc\\x01\\x97\\xf5\\xb7\\xc2\\xea\\xee\\xdc\\x01\\x9fj\"s\\x02\\xef\\xdc\\x01\\x9fj\"s\\x02\\xef\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x004\\x9a\\x01\\x00\\x00\\x00\\x04\\x00a\\x00d\\x00m\\x00i\\x00n\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 9572
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              }
            ],
            "repeated": 0,
            "id": 9573
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9574
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000688"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9575
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000688"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9576
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000688"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00R \\xd6\\x9c\\xb6\\xee\\xdc\\x01\\x97\\xf5\\xb7\\xc2\\xea\\xee\\xdc\\x01n\\xbc\\xe2\\x9c\\xb6\\xee\\xdc\\x01n\\xbc\\xe2\\x9c\\xb6\\xee\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\xa5\\x01\\x00\\x00\\x00\\x03\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 9577
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              }
            ],
            "repeated": 0,
            "id": 9578
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000688"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9579
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000688"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9580
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000688"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\xbd\\xd6\\x9c\\xb6\\xee\\xdc\\x01\\xe8\\x93\\x17\\xc5\\xea\\xee\\xdc\\x01\\xde\\x8d\\x85=\\x02\\xef\\xdc\\x01\\xde\\x8d\\x85=\\x02\\xef\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x001\\xa6\\x01\\x00\\x00\\x00\\x02\\x00L\\x00o\\x00c\\x00a\\x00l\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 9581
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              }
            ],
            "repeated": 0,
            "id": 9582
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000688"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9583
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000688"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData\\Local"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9584
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000688"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\xbd\\xd6\\x9c\\xb6\\xee\\xdc\\x01E\\xc5\\xeb\\xc5\\xea\\xee\\xdc\\x01\\x8d\\xff[\\xc0\\xb8\\xee\\xdc\\x01\\x8d\\xff[\\xc0\\xb8\\xee\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00M\\x00I\\x00C\\x00R\\x00O\\x00S\\x00~\\x001\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x003\\xa6\\x01\\x00\\x00\\x00\\x02\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 9585
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              }
            ],
            "repeated": 0,
            "id": 9586
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000688"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9587
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000688"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9588
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000688"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\xbd\\xd6\\x9c\\xb6\\xee\\xdc\\x01{\\x7f\\x9e$\\xeb\\xee\\xdc\\x01)S:q\\xb7\\xee\\xdc\\x01)S:q\\xb7\\xee\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x16\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00W\\x00I\\x00N\\x00D\\x00O\\x00W\\x00~\\x001\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x004\\xa6\\x01\\x00\\x00\\x00\\x02\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00A\\x00p\\x00p\\x00s\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\WindowsApps"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 9589
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              }
            ],
            "repeated": 0,
            "id": 9590
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9591
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000688"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\WindowsApps"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9592
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000688"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\WindowsApps"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9593
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000688"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9fI\\xbe\\xb1\\xb6\\xee\\xdc\\x01\\x19\\x048q\\xb7\\xee\\xdc\\x01\\x19\\x048q\\xb7\\xee\\xdc\\x01\\x19\\x048q\\xb7\\xee\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x04\\x00\\x00\\x14\\x00\\x00\\x00\\x1b\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\xa9\\x01\\x00\\x00\\x00\\x03\\x00p\\x00y\\x00t\\x00h\\x00o\\x00n\\x00.\\x00e\\x00x\\x00e\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\WindowsApps\\python.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 9594
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              }
            ],
            "repeated": 0,
            "id": 9595
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9596
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 9597
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000688"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 9598
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000684"
              }
            ],
            "repeated": 0,
            "id": 9599
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xe6o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xc0_w\\x93g\\x02\\x00\\x00P\\xedo\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00t\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9600
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000680"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9601
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              }
            ],
            "repeated": 0,
            "id": 9602
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              }
            ],
            "repeated": 0,
            "id": 9603
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 9604
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x000r\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9605
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 9606
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000680"
              }
            ],
            "repeated": 0,
            "id": 9607
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000680"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 9608
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000688"
              }
            ],
            "repeated": 0,
            "id": 9609
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xe6o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9d|f\\x14\\xfc\\x7f\\x00\\x00(\\x8bf\\x14\\xfc\\x7f\\x00\\x00\\xf4\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xb8'\\x81\\x93g\\x02\\x00\\x00]\\xdd\\xd7*\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0f\\x1c\\x0f\\xa2\\xd4\\x95\\x00\\x00\\xb8'\\x81\\x93g\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9610
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9611
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              }
            ],
            "repeated": 0,
            "id": 9612
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000680"
              }
            ],
            "repeated": 0,
            "id": 9613
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              }
            ],
            "repeated": 0,
            "id": 9614
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 9615
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000090"
              },
              {
                "name": "ValueName",
                "value": "SafeProcessSearchMode"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\SafeProcessSearchMode"
              }
            ],
            "repeated": 0,
            "id": 9616
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\microsoft\\windowsapps\\python.exe"
              }
            ],
            "repeated": 1,
            "id": 9617
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "c:\\users\\admin\\appdata\\local\\microsoft\\windowsapps\\python.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 9618
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000279",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100180",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\microsoft\\windowsapps\\python.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9619
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000279",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\microsoft\\windowsapps\\python.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9620
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\imageres.dll"
              }
            ],
            "repeated": 1,
            "id": 9621
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\system32\\imageres.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 9622
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              }
            ],
            "repeated": 0,
            "id": 9623
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000684"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\imageres.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 9624
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000680"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000684"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\imageres.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 9625
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000680"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e40000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed196fc660"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9626
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000680"
              }
            ],
            "repeated": 0,
            "id": 9627
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\SystemResources\\imageres.dll.mui.mun"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 9628
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000680"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SystemResources\\imageres.dll.mun"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 9629
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000688"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000680"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SystemResources\\imageres.dll.mun"
              }
            ],
            "repeated": 0,
            "id": 9630
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000688"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e50000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed196fc610"
              },
              {
                "name": "ViewSize",
                "value": "0x013c0000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9631
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              }
            ],
            "repeated": 0,
            "id": 9632
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x26793e72e40",
            "arguments": [
              {
                "name": "Module",
                "value": "0x26793e30002"
              },
              {
                "name": "Type",
                "value": "#14"
              },
              {
                "name": "Name",
                "value": "#15"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9633
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x26793ee6950",
            "arguments": [
              {
                "name": "Module",
                "value": "0x26793e30002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x26793e72e40"
              }
            ],
            "repeated": 0,
            "id": 9634
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x26793e68940",
            "arguments": [
              {
                "name": "Module",
                "value": "0x26793e30002"
              },
              {
                "name": "Type",
                "value": "#3"
              },
              {
                "name": "Name",
                "value": "#63"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9635
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000468",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x26793e30002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x26793e68940"
              }
            ],
            "repeated": 0,
            "id": 9636
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x26793ee64e8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x26793e30002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x26793e68940"
              }
            ],
            "repeated": 0,
            "id": 9637
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e50000"
              },
              {
                "name": "RegionSize",
                "value": "0x013c0000"
              }
            ],
            "repeated": 0,
            "id": 9638
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "11620",
            "caller": "0x7ffc2d16507d",
            "parentcaller": "0x7ffc2d164c43",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9639
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "11620",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ffc2d142b30"
              },
              {
                "name": "Parameter",
                "value": "0x2678d8e0b50"
              }
            ],
            "repeated": 0,
            "id": 9640
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "3380",
            "caller": "0x7ffc2d16507d",
            "parentcaller": "0x7ffc2d164c43",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9641
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "3380",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ffc2b4a2d30"
              },
              {
                "name": "Parameter",
                "value": "0x267937b3180"
              }
            ],
            "repeated": 0,
            "id": 9642
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000680"
              }
            ],
            "repeated": 0,
            "id": 9643
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 9644
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              }
            ],
            "repeated": 0,
            "id": 9645
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              }
            ],
            "repeated": 0,
            "id": 9646
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9c7fa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\WindowsApps\\python.exe"
              }
            ],
            "repeated": 0,
            "id": 9647
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729a9c7b4",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Python\\pythoncore-3.14-64\\python.exe"
              }
            ],
            "repeated": 0,
            "id": 9648
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Python\\pythoncore-3.14-64\\python.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 9649
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001a000"
              }
            ],
            "repeated": 0,
            "id": 9650
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Python\\pythoncore-3.14-64\\python.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 9651
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001a000"
              }
            ],
            "repeated": 0,
            "id": 9652
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 9653
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000684"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 9654
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000688"
              }
            ],
            "repeated": 0,
            "id": 9655
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xe6o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xc0_w\\x93g\\x02\\x00\\x00P\\xedo\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00u\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9656
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000068c"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9657
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              }
            ],
            "repeated": 0,
            "id": 9658
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              }
            ],
            "repeated": 0,
            "id": 9659
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 9660
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x000r\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9661
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000684"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 9662
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000688"
              }
            ],
            "repeated": 0,
            "id": 9663
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xe7o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\xeao\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00T\\x82\\xd0\\x14\\xfc\\x7f\\x00\\x004\\x006\\x000\\x00e\\x008\\x00\\x00\\x00\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\xe9o\\x19\\xed\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9664
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!0460e8"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9665
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              }
            ],
            "repeated": 0,
            "id": 9666
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              }
            ],
            "repeated": 0,
            "id": 9667
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000063c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_16.db"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9668
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 9669
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000068c"
              }
            ],
            "repeated": 0,
            "id": 9670
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000068c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 9671
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000684"
              }
            ],
            "repeated": 0,
            "id": 9672
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xe7o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xe8o\\x19\\xed\\x00\\x00\\x00\\xe8\\xe9o\\x19\\xed\\x00\\x00\\x00\\xe8`\\xc1\\x93g\\x02\\x00\\x00 \\xe8o\\x19\\xed\\x00\\x00\\x00p\\xe8o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xed\\x00\\x00\\x00\\x00\\x00\\xbd\\x93g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xd4\\x95\\x00\\x00\\x00\\x00\\xbd\\x93g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9673
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9674
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              }
            ],
            "repeated": 0,
            "id": 9675
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000068c"
              }
            ],
            "repeated": 0,
            "id": 9676
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              }
            ],
            "repeated": 0,
            "id": 9677
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 9678
          },
          {
            "timestamp": "2026-05-28 21:44:23,650",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 9679
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9c7fa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Python\\pythoncore-3.14-64\\python.exe"
              }
            ],
            "repeated": 0,
            "id": 9680
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "\\??\\C:\\Windows\\system32\\conhost.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 9681
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000690"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9682
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000690"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00@\r\\x00\\x00\\x00\\x00\\x00\\x00<\r\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9683
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000690"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9684
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000690"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "Buffer",
                "value": "MZ"
              },
              {
                "name": "Length",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 9685
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000690"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "<\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9686
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000690"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "Buffer",
                "value": "\\xf0\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 9687
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000690"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xf0\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9688
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000690"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "Buffer",
                "value": "PE\\x00\\x00d\\x86\\x07\\x00\\xdc6\\xe4/\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0\\x00\"\\x00\\x0b\\x02\\x0e\\x14\\x00\\xa2\t\\x00\\x00\\xcc\\x03\\x00\\x00\\x00\\x00\\x00P\\xf7\\x01\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00@\\x01\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x02\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 9689
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 9690
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              },
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 9691
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "DelegateFolders"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 9692
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002e6"
              },
              {
                "name": "SubKey",
                "value": "DelegateFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\DelegateFolders"
              }
            ],
            "repeated": 3,
            "id": 9693
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{031E4825-7B94-4dc3-B131-E946B44C8DD5}"
              }
            ],
            "repeated": 0,
            "id": 9694
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "Name",
                "value": "{04731B67-D933-450a-90E6-4ACD2E9408FE}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{04731B67-D933-450a-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 9695
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "Index",
                "value": "3"
              },
              {
                "name": "Name",
                "value": "{11016101-E366-4D22-BC06-4ADA335C892B}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{11016101-E366-4D22-BC06-4ADA335C892B}"
              }
            ],
            "repeated": 0,
            "id": 9696
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "Index",
                "value": "4"
              },
              {
                "name": "Name",
                "value": "{26EE0668-A00A-44D7-9371-BEB064C98683}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{26EE0668-A00A-44D7-9371-BEB064C98683}"
              }
            ],
            "repeated": 0,
            "id": 9697
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "Index",
                "value": "5"
              },
              {
                "name": "Name",
                "value": "{2F6CE85C-F9EE-43CA-90C7-8A9BD53A2467}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{2F6CE85C-F9EE-43CA-90C7-8A9BD53A2467}"
              }
            ],
            "repeated": 0,
            "id": 9698
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "Index",
                "value": "6"
              },
              {
                "name": "Name",
                "value": "{4336a54d-038b-4685-ab02-99bb52d3fb8b}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{4336a54d-038b-4685-ab02-99bb52d3fb8b}"
              }
            ],
            "repeated": 0,
            "id": 9699
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "Index",
                "value": "7"
              },
              {
                "name": "Name",
                "value": "{450D8FBA-AD25-11D0-98A8-0800361B1103}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{450D8FBA-AD25-11D0-98A8-0800361B1103}"
              }
            ],
            "repeated": 0,
            "id": 9700
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "Index",
                "value": "8"
              },
              {
                "name": "Name",
                "value": "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"
              }
            ],
            "repeated": 0,
            "id": 9701
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "Index",
                "value": "9"
              },
              {
                "name": "Name",
                "value": "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}"
              }
            ],
            "repeated": 0,
            "id": 9702
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "Index",
                "value": "10"
              },
              {
                "name": "Name",
                "value": "{5b934b42-522b-4c34-bbfe-37a3ef7b9c90}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{5b934b42-522b-4c34-bbfe-37a3ef7b9c90}"
              }
            ],
            "repeated": 0,
            "id": 9703
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "Index",
                "value": "11"
              },
              {
                "name": "Name",
                "value": "{645FF040-5081-101B-9F08-00AA002F954E}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{645FF040-5081-101B-9F08-00AA002F954E}"
              }
            ],
            "repeated": 0,
            "id": 9704
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "Index",
                "value": "12"
              },
              {
                "name": "Name",
                "value": "{64693913-1c21-4f30-a98f-4e52906d3b56}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{64693913-1c21-4f30-a98f-4e52906d3b56}"
              }
            ],
            "repeated": 0,
            "id": 9705
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "Index",
                "value": "13"
              },
              {
                "name": "Name",
                "value": "{89D83576-6BD1-4c86-9454-BEB04E94C819}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{89D83576-6BD1-4c86-9454-BEB04E94C819}"
              }
            ],
            "repeated": 0,
            "id": 9706
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "Index",
                "value": "14"
              },
              {
                "name": "Name",
                "value": "{8FD8B88D-30E1-4F25-AC2B-553D3D65F0EA}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{8FD8B88D-30E1-4F25-AC2B-553D3D65F0EA}"
              }
            ],
            "repeated": 0,
            "id": 9707
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "Index",
                "value": "15"
              },
              {
                "name": "Name",
                "value": "{9343812e-1c37-4a49-a12e-4b2d810d956b}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{9343812e-1c37-4a49-a12e-4b2d810d956b}"
              }
            ],
            "repeated": 0,
            "id": 9708
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "Index",
                "value": "16"
              },
              {
                "name": "Name",
                "value": "{98F275B4-4FFF-11E0-89E2-7B86DFD72085}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{98F275B4-4FFF-11E0-89E2-7B86DFD72085}"
              }
            ],
            "repeated": 0,
            "id": 9709
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "Index",
                "value": "17"
              },
              {
                "name": "Name",
                "value": "{a00ee528-ebd9-48b8-944a-8942113d46ac}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{a00ee528-ebd9-48b8-944a-8942113d46ac}"
              }
            ],
            "repeated": 0,
            "id": 9710
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "Index",
                "value": "18"
              },
              {
                "name": "Name",
                "value": "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"
              }
            ],
            "repeated": 0,
            "id": 9711
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "Index",
                "value": "19"
              },
              {
                "name": "Name",
                "value": "{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}"
              }
            ],
            "repeated": 0,
            "id": 9712
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "Index",
                "value": "20"
              },
              {
                "name": "Name",
                "value": "{daf95313-e44d-46af-be1b-cbacea2c3065}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{daf95313-e44d-46af-be1b-cbacea2c3065}"
              }
            ],
            "repeated": 0,
            "id": 9713
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "Index",
                "value": "21"
              },
              {
                "name": "Name",
                "value": "{e345f35f-9397-435c-8f95-4e922c26259e}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{e345f35f-9397-435c-8f95-4e922c26259e}"
              }
            ],
            "repeated": 0,
            "id": 9714
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "Index",
                "value": "22"
              },
              {
                "name": "Name",
                "value": "{EDC978D6-4D53-4b2f-A265-5805674BE568}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{EDC978D6-4D53-4b2f-A265-5805674BE568}"
              }
            ],
            "repeated": 0,
            "id": 9715
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "Index",
                "value": "23"
              },
              {
                "name": "Name",
                "value": "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"
              }
            ],
            "repeated": 0,
            "id": 9716
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "Index",
                "value": "24"
              },
              {
                "name": "Name",
                "value": "{f8278c54-a712-415b-b593-b77a2be0dda9}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{f8278c54-a712-415b-b593-b77a2be0dda9}"
              }
            ],
            "repeated": 0,
            "id": 9717
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "Index",
                "value": "25"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\"
              }
            ],
            "repeated": 0,
            "id": 9718
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000690"
              },
              {
                "name": "SubKey",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x00000010",
                "pretty_value": "KEY_NOTIFY"
              },
              {
                "name": "Handle",
                "value": "0x00000688"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 9719
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 9720
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 9721
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              },
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 9722
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "{018D5C66-4533-4307-9B53-224DE2ED1FE6}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{018D5C66-4533-4307-9B53-224DE2ED1FE6}"
              }
            ],
            "repeated": 0,
            "id": 9723
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\"
              }
            ],
            "repeated": 0,
            "id": 9724
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000690"
              },
              {
                "name": "SubKey",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x00000010",
                "pretty_value": "KEY_NOTIFY"
              },
              {
                "name": "Handle",
                "value": "0x00000694"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 9725
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 9726
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 9727
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 9728
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}"
              }
            ],
            "repeated": 0,
            "id": 9729
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders\\"
              }
            ],
            "repeated": 0,
            "id": 9730
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000690"
              },
              {
                "name": "SubKey",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x00000010",
                "pretty_value": "KEY_NOTIFY"
              },
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders\\"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 9731
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x10000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 9732
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 9733
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 9734
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000598"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\1"
              },
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1"
              }
            ],
            "repeated": 0,
            "id": 9735
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000690"
              },
              {
                "name": "SubKey",
                "value": "Desktop\\NameSpace"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\Desktop\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 9736
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000690"
              },
              {
                "name": "SubKey",
                "value": "Desktop\\NameSpace\\DelegateFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\Desktop\\NameSpace\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 9737
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 9738
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 9739
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9740
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 9741
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "StorageDelegateSuppressionPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders\\StorageDelegateSuppressionPolicy"
              }
            ],
            "repeated": 0,
            "id": 9742
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 9743
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 9744
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9745
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 9746
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              },
              {
                "name": "ValueName",
                "value": "StorageDelegate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders\\StorageDelegate"
              }
            ],
            "repeated": 0,
            "id": 9747
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 9748
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 9749
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000690"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 9750
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006ac"
              }
            ],
            "repeated": 0,
            "id": 9751
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xe6o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xc0_w\\x93g\\x02\\x00\\x00P\\xedo\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00v\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9752
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b0"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9753
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ac"
              }
            ],
            "repeated": 0,
            "id": 9754
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 9755
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 9756
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x000r\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9757
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 9758
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b0"
              }
            ],
            "repeated": 0,
            "id": 9759
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000006b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 9760
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 9761
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xe6o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9d|f\\x14\\xfc\\x7f\\x00\\x00(\\x8bf\\x14\\xfc\\x7f\\x00\\x00\\xf4\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xb8'\\x81\\x93g\\x02\\x00\\x00]\\xdd\\xd7*\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0f\\x1c\\x0f\\xa2\\xd4\\x95\\x00\\x00\\xb8'\\x81\\x93g\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9762
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ac"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9763
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 9764
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b0"
              }
            ],
            "repeated": 0,
            "id": 9765
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ac"
              }
            ],
            "repeated": 0,
            "id": 9766
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 9767
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              }
            ],
            "repeated": 0,
            "id": 9768
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000033",
            "pretty_return": "OBJECT_NAME_INVALID",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\??\\c:\\windows\\system32\\conhost.exe"
              }
            ],
            "repeated": 0,
            "id": 9769
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\imageres.dll"
              }
            ],
            "repeated": 1,
            "id": 9770
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\system32\\imageres.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 9771
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              }
            ],
            "repeated": 0,
            "id": 9772
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\imageres.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 9773
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000006ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\imageres.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 9774
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006b0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e40000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed196fc660"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9775
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b0"
              }
            ],
            "repeated": 0,
            "id": 9776
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SystemResources\\imageres.dll.mun"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 9777
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000690"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000006b0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SystemResources\\imageres.dll.mun"
              }
            ],
            "repeated": 0,
            "id": 9778
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000690"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e50000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed196fc610"
              },
              {
                "name": "ViewSize",
                "value": "0x013c0000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9779
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 9780
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x26793e72e40",
            "arguments": [
              {
                "name": "Module",
                "value": "0x26793e30002"
              },
              {
                "name": "Type",
                "value": "#14"
              },
              {
                "name": "Name",
                "value": "#15"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9781
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x26793ee6950",
            "arguments": [
              {
                "name": "Module",
                "value": "0x26793e30002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x26793e72e40"
              }
            ],
            "repeated": 0,
            "id": 9782
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x26793e68940",
            "arguments": [
              {
                "name": "Module",
                "value": "0x26793e30002"
              },
              {
                "name": "Type",
                "value": "#3"
              },
              {
                "name": "Name",
                "value": "#63"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9783
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000468",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x26793e30002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x26793e68940"
              }
            ],
            "repeated": 0,
            "id": 9784
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x26793ee64e8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x26793e30002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x26793e68940"
              }
            ],
            "repeated": 0,
            "id": 9785
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e50000"
              },
              {
                "name": "RegionSize",
                "value": "0x013c0000"
              }
            ],
            "repeated": 0,
            "id": 9786
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b0"
              }
            ],
            "repeated": 0,
            "id": 9787
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 9788
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ac"
              }
            ],
            "repeated": 0,
            "id": 9789
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              }
            ],
            "repeated": 0,
            "id": 9790
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9c7fa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              }
            ],
            "repeated": 0,
            "id": 9791
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a27900",
            "parentcaller": "0x7ff729a9c4b1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 9792
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9c455",
            "parentcaller": "0x7ff729a9e63c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Run"
              },
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"
              }
            ],
            "repeated": 0,
            "id": 9793
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9c0df",
            "parentcaller": "0x7ff729a9c48a",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000594"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "4"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9794
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a3d36c",
            "parentcaller": "0x7ff729a9c16e",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "ValueName",
                "value": "OneDrive"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive"
              }
            ],
            "repeated": 0,
            "id": 9795
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a3d20b",
            "parentcaller": "0x7ff729a9c1bd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "OneDrive"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive"
              }
            ],
            "repeated": 0,
            "id": 9796
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a3d2e0",
            "parentcaller": "0x7ff729a9c1bd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "OneDrive"
              },
              {
                "name": "Data",
                "value": "\"C:\\Users\\admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive"
              }
            ],
            "repeated": 0,
            "id": 9797
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9abc5",
            "parentcaller": "0x7ff729a9e244",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000588"
              },
              {
                "name": "ValueName",
                "value": "OneDrive"
              },
              {
                "name": "Data",
                "value": "\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run\\OneDrive"
              }
            ],
            "repeated": 0,
            "id": 9798
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729a9cf53",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe"
              }
            ],
            "repeated": 0,
            "id": 9799
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x0d820002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 9800
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0d820000"
              },
              {
                "name": "RegionSize",
                "value": "0x00243000"
              }
            ],
            "repeated": 0,
            "id": 9801
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x0d820002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 9802
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0d820000"
              },
              {
                "name": "RegionSize",
                "value": "0x00243000"
              }
            ],
            "repeated": 0,
            "id": 9803
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9d3aa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe"
              }
            ],
            "repeated": 1,
            "id": 9804
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x0d820002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 9805
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0d820000"
              },
              {
                "name": "RegionSize",
                "value": "0x00243000"
              }
            ],
            "repeated": 0,
            "id": 9806
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x0d820002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 9807
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0d820000"
              },
              {
                "name": "RegionSize",
                "value": "0x00243000"
              }
            ],
            "repeated": 0,
            "id": 9808
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 9809
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000660"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 9810
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000065c"
              }
            ],
            "repeated": 0,
            "id": 9811
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xe6o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xf7\\x7f\\x00\\x00\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xe0\r)\\x8fg\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00)\\x8fg\\x02\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9812
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9813
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065c"
              }
            ],
            "repeated": 0,
            "id": 9814
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000660"
              }
            ],
            "repeated": 0,
            "id": 9815
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 9816
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x000r\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9817
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000660"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 9818
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000065c"
              }
            ],
            "repeated": 0,
            "id": 9819
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xe7o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\xeao\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00T\\x82\\xd0\\x14\\xfc\\x7f\\x00\\x004\\x001\\x001\\x00e\\x008\\x00\\x00\\x00\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\xe9o\\x19\\xed\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9820
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!0411e8"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9821
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065c"
              }
            ],
            "repeated": 0,
            "id": 9822
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000660"
              }
            ],
            "repeated": 0,
            "id": 9823
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000063c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_16.db"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9824
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 9825
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 9826
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 9827
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000660"
              }
            ],
            "repeated": 0,
            "id": 9828
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xe7o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xe8o\\x19\\xed\\x00\\x00\\x00\\xe8\\xe9o\\x19\\xed\\x00\\x00\\x00\\xe8\\x11\\xc1\\x93g\\x02\\x00\\x00 \\xe8o\\x19\\xed\\x00\\x00\\x00p\\xe8o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xed\\x00\\x00\\x00\\x00\\x00\\xbd\\x93g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xd4\\x95\\x00\\x00\\x00\\x00\\xbd\\x93g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9829
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065c"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9830
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000660"
              }
            ],
            "repeated": 0,
            "id": 9831
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 9832
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065c"
              }
            ],
            "repeated": 0,
            "id": 9833
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 9834
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 9835
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9c7fa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe"
              }
            ],
            "repeated": 0,
            "id": 9836
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a3d36c",
            "parentcaller": "0x7ff729a9c16e",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "ValueName",
                "value": "Discord"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Discord"
              }
            ],
            "repeated": 0,
            "id": 9837
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a3d20b",
            "parentcaller": "0x7ff729a9c1bd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "Discord"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Discord"
              }
            ],
            "repeated": 0,
            "id": 9838
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a3d2e0",
            "parentcaller": "0x7ff729a9c1bd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "Discord"
              },
              {
                "name": "Data",
                "value": "\"C:\\Users\\admin\\AppData\\Local\\Discord\\Update.exe\" --processStart Discord.exe"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Discord"
              }
            ],
            "repeated": 0,
            "id": 9839
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9abc5",
            "parentcaller": "0x7ff729a9e244",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000588"
              },
              {
                "name": "ValueName",
                "value": "Discord"
              },
              {
                "name": "Data",
                "value": "\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run\\Discord"
              }
            ],
            "repeated": 0,
            "id": 9840
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729a9cf53",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\Update.exe"
              }
            ],
            "repeated": 0,
            "id": 9841
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\Update.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 9842
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 9843
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\Update.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 9844
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 9845
          },
          {
            "timestamp": "2026-05-28 21:44:23,666",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9d3aa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\Update.exe"
              }
            ],
            "repeated": 1,
            "id": 9846
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\Update.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 9847
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 9848
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\Update.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 9849
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 9850
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 9851
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000664"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 9852
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000065c"
              }
            ],
            "repeated": 0,
            "id": 9853
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xe6o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xc0_w\\x93g\\x02\\x00\\x00P\\xedo\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9854
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9855
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065c"
              }
            ],
            "repeated": 0,
            "id": 9856
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 9857
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 9858
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x000r\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9859
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 9860
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 9861
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 9862
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 9863
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xe6o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9d|f\\x14\\xfc\\x7f\\x00\\x00(\\x8bf\\x14\\xfc\\x7f\\x00\\x00\\xf4\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xb8'\\x81\\x93g\\x02\\x00\\x00]\\xdd\\xd7*\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0f\\x1c\\x0f\\xa2\\xd4\\x95\\x00\\x00\\xb8'\\x81\\x93g\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9864
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065c"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9865
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 9866
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 9867
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065c"
              }
            ],
            "repeated": 0,
            "id": 9868
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 9869
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\Update.exe"
              }
            ],
            "repeated": 1,
            "id": 9870
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "c:\\users\\admin\\appdata\\local\\discord\\update.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 9871
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\SystemResources\\update.exe.mun"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 9872
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 9873
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\imageres.dll"
              }
            ],
            "repeated": 1,
            "id": 9874
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\system32\\imageres.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 9875
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              }
            ],
            "repeated": 0,
            "id": 9876
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000065c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\imageres.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 9877
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x0000065c"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\imageres.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 9878
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000648"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e40000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed196fc660"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9879
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 9880
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SystemResources\\imageres.dll.mun"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 9881
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000664"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000648"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SystemResources\\imageres.dll.mun"
              }
            ],
            "repeated": 0,
            "id": 9882
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000664"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e50000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed196fc610"
              },
              {
                "name": "ViewSize",
                "value": "0x013c0000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9883
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 9884
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x26793e72e40",
            "arguments": [
              {
                "name": "Module",
                "value": "0x26793e30002"
              },
              {
                "name": "Type",
                "value": "#14"
              },
              {
                "name": "Name",
                "value": "#15"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9885
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x26793ee6950",
            "arguments": [
              {
                "name": "Module",
                "value": "0x26793e30002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x26793e72e40"
              }
            ],
            "repeated": 0,
            "id": 9886
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x26793e68940",
            "arguments": [
              {
                "name": "Module",
                "value": "0x26793e30002"
              },
              {
                "name": "Type",
                "value": "#3"
              },
              {
                "name": "Name",
                "value": "#63"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9887
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000468",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x26793e30002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x26793e68940"
              }
            ],
            "repeated": 0,
            "id": 9888
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x26793ee64e8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x26793e30002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x26793e68940"
              }
            ],
            "repeated": 0,
            "id": 9889
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e50000"
              },
              {
                "name": "RegionSize",
                "value": "0x013c0000"
              }
            ],
            "repeated": 0,
            "id": 9890
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 9891
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 9892
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065c"
              }
            ],
            "repeated": 0,
            "id": 9893
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              }
            ],
            "repeated": 0,
            "id": 9894
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9c7fa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\Update.exe"
              }
            ],
            "repeated": 0,
            "id": 9895
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729a9c7b4",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\Discord.exe"
              }
            ],
            "repeated": 0,
            "id": 9896
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\Discord.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 9897
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x0be3b000"
              }
            ],
            "repeated": 0,
            "id": 9898
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\Discord.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 9899
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x0be3b000"
              }
            ],
            "repeated": 0,
            "id": 9900
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 9901
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000065c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 9902
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 9903
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xe6o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xf7\\x7f\\x00\\x00\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xe0\r)\\x8fg\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00)\\x8fg\\x02\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9904
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9905
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 9906
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065c"
              }
            ],
            "repeated": 0,
            "id": 9907
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 9908
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x000r\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9909
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000065c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 9910
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 9911
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xe7o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\xeao\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00T\\x82\\xd0\\x14\\xfc\\x7f\\x00\\x004\\x002\\x000\\x00b\\x008\\x00\\x00\\x00\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\xe9o\\x19\\xed\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9912
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000660"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!0420b8"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9913
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 9914
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065c"
              }
            ],
            "repeated": 0,
            "id": 9915
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000063c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_16.db"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9916
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 9917
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 9918
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000664"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 9919
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000065c"
              }
            ],
            "repeated": 0,
            "id": 9920
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xe7o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xe8o\\x19\\xed\\x00\\x00\\x00\\xe8\\xe9o\\x19\\xed\\x00\\x00\\x00\\xb8 \\xc1\\x93g\\x02\\x00\\x00 \\xe8o\\x19\\xed\\x00\\x00\\x00p\\xe8o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xed\\x00\\x00\\x00\\x00\\x00\\xbd\\x93g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xd4\\x95\\x00\\x00\\x00\\x00\\xbd\\x93g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9921
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9922
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065c"
              }
            ],
            "repeated": 0,
            "id": 9923
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 9924
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 9925
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 9926
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000660"
              }
            ],
            "repeated": 0,
            "id": 9927
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9c7fa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\Discord.exe"
              }
            ],
            "repeated": 0,
            "id": 9928
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729a9c7b4",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\reg.exe"
              }
            ],
            "repeated": 0,
            "id": 9929
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\reg.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 9930
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              }
            ],
            "repeated": 0,
            "id": 9931
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000660"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\reg.exe.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 9932
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000660"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\reg.exe.mui"
              }
            ],
            "repeated": 0,
            "id": 9933
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000648"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e90000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed196fdcf0"
              },
              {
                "name": "ViewSize",
                "value": "0x0000a000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9934
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 9935
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e90000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000a000"
              }
            ],
            "repeated": 0,
            "id": 9936
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000660"
              }
            ],
            "repeated": 0,
            "id": 9937
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00057000"
              }
            ],
            "repeated": 0,
            "id": 9938
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\reg.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 9939
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              }
            ],
            "repeated": 0,
            "id": 9940
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000660"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\reg.exe.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 9941
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000660"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\reg.exe.mui"
              }
            ],
            "repeated": 0,
            "id": 9942
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000648"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e90000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed196fdce0"
              },
              {
                "name": "ViewSize",
                "value": "0x0000a000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9943
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 9944
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e90000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000a000"
              }
            ],
            "repeated": 0,
            "id": 9945
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000660"
              }
            ],
            "repeated": 0,
            "id": 9946
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00057000"
              }
            ],
            "repeated": 0,
            "id": 9947
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 9948
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000660"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 9949
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 9950
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xe6o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xc0_w\\x93g\\x02\\x00\\x00P\\xedo\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00x\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9951
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9952
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 9953
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000660"
              }
            ],
            "repeated": 0,
            "id": 9954
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 9955
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x000r\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9956
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 9957
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 9958
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000664"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 9959
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000660"
              }
            ],
            "repeated": 0,
            "id": 9960
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xe6o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9d|f\\x14\\xfc\\x7f\\x00\\x00(\\x8bf\\x14\\xfc\\x7f\\x00\\x00\\xf4\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xb8'\\x81\\x93g\\x02\\x00\\x00]\\xdd\\xd7*\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0f\\x1c\\x0f\\xa2\\xd4\\x95\\x00\\x00\\xb8'\\x81\\x93g\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9961
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9962
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000660"
              }
            ],
            "repeated": 0,
            "id": 9963
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 9964
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 9965
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 9966
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\reg.exe"
              }
            ],
            "repeated": 1,
            "id": 9967
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "c:\\windows\\system32\\reg.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 9968
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SystemResources\\reg.exe.mun"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 9969
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00057000"
              }
            ],
            "repeated": 0,
            "id": 9970
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\imageres.dll"
              }
            ],
            "repeated": 1,
            "id": 9971
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\system32\\imageres.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 9972
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              }
            ],
            "repeated": 0,
            "id": 9973
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\imageres.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 9974
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000664"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000648"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\imageres.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 9975
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000664"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e40000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed196fc660"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9976
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 9977
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000664"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SystemResources\\imageres.dll.mun"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 9978
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000660"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000664"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SystemResources\\imageres.dll.mun"
              }
            ],
            "repeated": 0,
            "id": 9979
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000660"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e50000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed196fc610"
              },
              {
                "name": "ViewSize",
                "value": "0x013c0000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9980
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000660"
              }
            ],
            "repeated": 0,
            "id": 9981
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x26793e72e40",
            "arguments": [
              {
                "name": "Module",
                "value": "0x26793e30002"
              },
              {
                "name": "Type",
                "value": "#14"
              },
              {
                "name": "Name",
                "value": "#15"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9982
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x26793ee6950",
            "arguments": [
              {
                "name": "Module",
                "value": "0x26793e30002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x26793e72e40"
              }
            ],
            "repeated": 0,
            "id": 9983
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x26793e68940",
            "arguments": [
              {
                "name": "Module",
                "value": "0x26793e30002"
              },
              {
                "name": "Type",
                "value": "#3"
              },
              {
                "name": "Name",
                "value": "#63"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9984
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000468",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x26793e30002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x26793e68940"
              }
            ],
            "repeated": 0,
            "id": 9985
          },
          {
            "timestamp": "2026-05-28 21:44:23,682",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x26793ee64e8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x26793e30002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x26793e68940"
              }
            ],
            "repeated": 0,
            "id": 9986
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e50000"
              },
              {
                "name": "RegionSize",
                "value": "0x013c0000"
              }
            ],
            "repeated": 0,
            "id": 9987
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 9988
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 9989
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 9990
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              }
            ],
            "repeated": 0,
            "id": 9991
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9c7fa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\reg.exe"
              }
            ],
            "repeated": 0,
            "id": 9992
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff729a99e19",
            "parentcaller": "0x7ff729a9c6b0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793826000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9993
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "\\??\\C:\\Windows\\system32\\conhost.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 9994
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9995
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000648"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00@\r\\x00\\x00\\x00\\x00\\x00\\x00<\r\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9996
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000648"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9997
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000648"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "Buffer",
                "value": "MZ"
              },
              {
                "name": "Length",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 9998
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000648"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "<\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9999
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000648"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "Buffer",
                "value": "\\xf0\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 10000
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000648"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xf0\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10001
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000648"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "Buffer",
                "value": "PE\\x00\\x00d\\x86\\x07\\x00\\xdc6\\xe4/\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0\\x00\"\\x00\\x0b\\x02\\x0e\\x14\\x00\\xa2\t\\x00\\x00\\xcc\\x03\\x00\\x00\\x00\\x00\\x00P\\xf7\\x01\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00@\\x01\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x02\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 10002
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 10003
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9c7fa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              }
            ],
            "repeated": 0,
            "id": 10004
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729a9c7b4",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\Discord.exe"
              }
            ],
            "repeated": 0,
            "id": 10005
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\Discord.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10006
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x0be3b000"
              }
            ],
            "repeated": 0,
            "id": 10007
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\Discord.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10008
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x0be3b000"
              }
            ],
            "repeated": 0,
            "id": 10009
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9c7fa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\Discord.exe"
              }
            ],
            "repeated": 0,
            "id": 10010
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729a9c7b4",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\reg.exe"
              }
            ],
            "repeated": 0,
            "id": 10011
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\reg.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10012
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              }
            ],
            "repeated": 0,
            "id": 10013
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\reg.exe.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 10014
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000664"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000648"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\reg.exe.mui"
              }
            ],
            "repeated": 0,
            "id": 10015
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000664"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e90000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed196fdcf0"
              },
              {
                "name": "ViewSize",
                "value": "0x0000a000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10016
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 10017
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e90000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000a000"
              }
            ],
            "repeated": 0,
            "id": 10018
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 10019
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00057000"
              }
            ],
            "repeated": 0,
            "id": 10020
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\reg.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10021
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              }
            ],
            "repeated": 0,
            "id": 10022
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\reg.exe.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 10023
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000664"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000648"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\reg.exe.mui"
              }
            ],
            "repeated": 0,
            "id": 10024
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000664"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e90000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed196fdce0"
              },
              {
                "name": "ViewSize",
                "value": "0x0000a000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10025
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 10026
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e90000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000a000"
              }
            ],
            "repeated": 0,
            "id": 10027
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 10028
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00057000"
              }
            ],
            "repeated": 0,
            "id": 10029
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9c7fa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\reg.exe"
              }
            ],
            "repeated": 0,
            "id": 10030
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "\\??\\C:\\Windows\\system32\\conhost.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10031
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10032
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000648"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00@\r\\x00\\x00\\x00\\x00\\x00\\x00<\r\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10033
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000648"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10034
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000648"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "Buffer",
                "value": "MZ"
              },
              {
                "name": "Length",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 10035
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000648"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "<\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10036
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000648"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "Buffer",
                "value": "\\xf0\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 10037
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000648"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xf0\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10038
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000648"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "Buffer",
                "value": "PE\\x00\\x00d\\x86\\x07\\x00\\xdc6\\xe4/\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0\\x00\"\\x00\\x0b\\x02\\x0e\\x14\\x00\\xa2\t\\x00\\x00\\xcc\\x03\\x00\\x00\\x00\\x00\\x00P\\xf7\\x01\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00@\\x01\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x02\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 10039
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 10040
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9c7fa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              }
            ],
            "repeated": 0,
            "id": 10041
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729a9c7b4",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\Discord.exe"
              }
            ],
            "repeated": 0,
            "id": 10042
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\Discord.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10043
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x0be3b000"
              }
            ],
            "repeated": 0,
            "id": 10044
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\Discord.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10045
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x0be3b000"
              }
            ],
            "repeated": 0,
            "id": 10046
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9c7fa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\Discord.exe"
              }
            ],
            "repeated": 1,
            "id": 10047
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\Discord.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10048
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x0be3b000"
              }
            ],
            "repeated": 0,
            "id": 10049
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\Discord.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10050
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x0be3b000"
              }
            ],
            "repeated": 0,
            "id": 10051
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9c7fa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\Discord.exe"
              }
            ],
            "repeated": 1,
            "id": 10052
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\Discord.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10053
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x0be3b000"
              }
            ],
            "repeated": 0,
            "id": 10054
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\Discord.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10055
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x0be3b000"
              }
            ],
            "repeated": 0,
            "id": 10056
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9c7fa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\Discord.exe"
              }
            ],
            "repeated": 1,
            "id": 10057
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff729a3bd3f",
            "parentcaller": "0x7ff729a9c7b4",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793828000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10058
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\Discord.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10059
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x0be3b000"
              }
            ],
            "repeated": 0,
            "id": 10060
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\Discord.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10061
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x0be3b000"
              }
            ],
            "repeated": 0,
            "id": 10062
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9c7fa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\Discord.exe"
              }
            ],
            "repeated": 1,
            "id": 10063
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\Discord.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10064
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x0be3b000"
              }
            ],
            "repeated": 0,
            "id": 10065
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\Discord.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10066
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x0be3b000"
              }
            ],
            "repeated": 0,
            "id": 10067
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9c7fa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\Discord.exe"
              }
            ],
            "repeated": 1,
            "id": 10068
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\Discord.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10069
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x0be3b000"
              }
            ],
            "repeated": 0,
            "id": 10070
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\Discord.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10071
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x0be3b000"
              }
            ],
            "repeated": 0,
            "id": 10072
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9c7fa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\Discord.exe"
              }
            ],
            "repeated": 1,
            "id": 10073
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\Discord.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10074
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x0be3b000"
              }
            ],
            "repeated": 0,
            "id": 10075
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\Discord.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10076
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x0be3b000"
              }
            ],
            "repeated": 0,
            "id": 10077
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9c7fa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\Discord.exe"
              }
            ],
            "repeated": 1,
            "id": 10078
          },
          {
            "timestamp": "2026-05-28 21:44:23,697",
            "thread_id": "5800",
            "caller": "0x7ff729a3bd3f",
            "parentcaller": "0x7ff729a9c7b4",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793829000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10079
          },
          {
            "timestamp": "2026-05-28 21:44:23,713",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\Discord.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10080
          },
          {
            "timestamp": "2026-05-28 21:44:23,713",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x0be3b000"
              }
            ],
            "repeated": 0,
            "id": 10081
          },
          {
            "timestamp": "2026-05-28 21:44:23,713",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\Discord.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10082
          },
          {
            "timestamp": "2026-05-28 21:44:23,713",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x0be3b000"
              }
            ],
            "repeated": 0,
            "id": 10083
          },
          {
            "timestamp": "2026-05-28 21:44:23,713",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9c7fa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\Discord.exe"
              }
            ],
            "repeated": 0,
            "id": 10084
          },
          {
            "timestamp": "2026-05-28 21:44:23,713",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "\\\\?\\C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\modules\\discord_voice-1\\discord_voice\\gpu_encoder_helper.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10085
          },
          {
            "timestamp": "2026-05-28 21:44:23,713",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x000de000"
              }
            ],
            "repeated": 0,
            "id": 10086
          },
          {
            "timestamp": "2026-05-28 21:44:23,713",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 10087
          },
          {
            "timestamp": "2026-05-28 21:44:23,713",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 10088
          },
          {
            "timestamp": "2026-05-28 21:44:23,713",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 10089
          },
          {
            "timestamp": "2026-05-28 21:44:23,713",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xe6o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xc0_w\\x93g\\x02\\x00\\x00P\\xedo\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00y\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10090
          },
          {
            "timestamp": "2026-05-28 21:44:23,713",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ac"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10091
          },
          {
            "timestamp": "2026-05-28 21:44:23,713",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 10092
          },
          {
            "timestamp": "2026-05-28 21:44:23,713",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 10093
          },
          {
            "timestamp": "2026-05-28 21:44:23,713",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 10094
          },
          {
            "timestamp": "2026-05-28 21:44:23,713",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x000r\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10095
          },
          {
            "timestamp": "2026-05-28 21:44:23,713",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 10096
          },
          {
            "timestamp": "2026-05-28 21:44:23,713",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ac"
              }
            ],
            "repeated": 0,
            "id": 10097
          },
          {
            "timestamp": "2026-05-28 21:44:23,713",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000006ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 10098
          },
          {
            "timestamp": "2026-05-28 21:44:23,713",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 10099
          },
          {
            "timestamp": "2026-05-28 21:44:23,713",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xe6o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9d|f\\x14\\xfc\\x7f\\x00\\x00(\\x8bf\\x14\\xfc\\x7f\\x00\\x00\\xf4\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xb8'\\x81\\x93g\\x02\\x00\\x00]\\xdd\\xd7*\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0f\\x1c\\x0f\\xa2\\xd4\\x95\\x00\\x00\\xb8'\\x81\\x93g\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10100
          },
          {
            "timestamp": "2026-05-28 21:44:23,713",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10101
          },
          {
            "timestamp": "2026-05-28 21:44:23,713",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 10102
          },
          {
            "timestamp": "2026-05-28 21:44:23,713",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ac"
              }
            ],
            "repeated": 0,
            "id": 10103
          },
          {
            "timestamp": "2026-05-28 21:44:23,713",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 10104
          },
          {
            "timestamp": "2026-05-28 21:44:23,713",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 10105
          },
          {
            "timestamp": "2026-05-28 21:44:23,713",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\modules\\discord_voice-1\\discord_voice\\gpu_encoder_helper.exe"
              }
            ],
            "repeated": 0,
            "id": 10106
          },
          {
            "timestamp": "2026-05-28 21:44:23,713",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "\\\\?\\c:\\users\\admin\\appdata\\local\\discord\\app-1.0.9238\\modules\\discord_voice-1\\discord_voice\\gpu_encoder_helper.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10107
          },
          {
            "timestamp": "2026-05-28 21:44:23,713",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\modules\\discord_voice-1\\SystemResources\\gpu_encoder_helper.exe.mun"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 10108
          },
          {
            "timestamp": "2026-05-28 21:44:23,713",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x000de000"
              }
            ],
            "repeated": 0,
            "id": 10109
          },
          {
            "timestamp": "2026-05-28 21:44:23,713",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\imageres.dll"
              }
            ],
            "repeated": 1,
            "id": 10110
          },
          {
            "timestamp": "2026-05-28 21:44:23,713",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\system32\\imageres.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10111
          },
          {
            "timestamp": "2026-05-28 21:44:23,713",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              }
            ],
            "repeated": 0,
            "id": 10112
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000664"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\imageres.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 10113
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000664"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\imageres.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 10114
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e40000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed196fc660"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10115
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ac"
              }
            ],
            "repeated": 0,
            "id": 10116
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SystemResources\\imageres.dll.mun"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 10117
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000006ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SystemResources\\imageres.dll.mun"
              }
            ],
            "repeated": 0,
            "id": 10118
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000648"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e50000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed196fc610"
              },
              {
                "name": "ViewSize",
                "value": "0x013c0000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10119
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 10120
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x26793e72e40",
            "arguments": [
              {
                "name": "Module",
                "value": "0x26793e30002"
              },
              {
                "name": "Type",
                "value": "#14"
              },
              {
                "name": "Name",
                "value": "#15"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 10121
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x26793ee6950",
            "arguments": [
              {
                "name": "Module",
                "value": "0x26793e30002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x26793e72e40"
              }
            ],
            "repeated": 0,
            "id": 10122
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x26793e68940",
            "arguments": [
              {
                "name": "Module",
                "value": "0x26793e30002"
              },
              {
                "name": "Type",
                "value": "#3"
              },
              {
                "name": "Name",
                "value": "#63"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 10123
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000468",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x26793e30002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x26793e68940"
              }
            ],
            "repeated": 0,
            "id": 10124
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x26793ee64e8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x26793e30002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x26793e68940"
              }
            ],
            "repeated": 0,
            "id": 10125
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e50000"
              },
              {
                "name": "RegionSize",
                "value": "0x013c0000"
              }
            ],
            "repeated": 0,
            "id": 10126
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ac"
              }
            ],
            "repeated": 0,
            "id": 10127
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 10128
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 10129
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              }
            ],
            "repeated": 0,
            "id": 10130
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9c7fa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\modules\\discord_voice-1\\discord_voice\\gpu_encoder_helper.exe"
              }
            ],
            "repeated": 0,
            "id": 10131
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "\\??\\C:\\Windows\\system32\\conhost.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10132
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000664"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10133
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000664"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00@\r\\x00\\x00\\x00\\x00\\x00\\x00<\r\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10134
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000664"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10135
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000664"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "Buffer",
                "value": "MZ"
              },
              {
                "name": "Length",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 10136
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000664"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "<\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10137
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000664"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "Buffer",
                "value": "\\xf0\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 10138
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000664"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xf0\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10139
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000664"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "Buffer",
                "value": "PE\\x00\\x00d\\x86\\x07\\x00\\xdc6\\xe4/\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0\\x00\"\\x00\\x0b\\x02\\x0e\\x14\\x00\\xa2\t\\x00\\x00\\xcc\\x03\\x00\\x00\\x00\\x00\\x00P\\xf7\\x01\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00@\\x01\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x02\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 10140
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 10141
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9c7fa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              }
            ],
            "repeated": 0,
            "id": 10142
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "\\\\?\\C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\modules\\discord_voice-1\\discord_voice\\gpu_encoder_helper.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10143
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x000de000"
              }
            ],
            "repeated": 0,
            "id": 10144
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9c7fa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\modules\\discord_voice-1\\discord_voice\\gpu_encoder_helper.exe"
              }
            ],
            "repeated": 0,
            "id": 10145
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "\\??\\C:\\Windows\\system32\\conhost.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10146
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000664"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10147
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000664"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00@\r\\x00\\x00\\x00\\x00\\x00\\x00<\r\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10148
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000664"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10149
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000664"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "Buffer",
                "value": "MZ"
              },
              {
                "name": "Length",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 10150
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000664"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "<\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10151
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000664"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "Buffer",
                "value": "\\xf0\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 10152
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000664"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xf0\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10153
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000664"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "Buffer",
                "value": "PE\\x00\\x00d\\x86\\x07\\x00\\xdc6\\xe4/\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0\\x00\"\\x00\\x0b\\x02\\x0e\\x14\\x00\\xa2\t\\x00\\x00\\xcc\\x03\\x00\\x00\\x00\\x00\\x00P\\xf7\\x01\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00@\\x01\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x02\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 10154
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 10155
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9c7fa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              }
            ],
            "repeated": 0,
            "id": 10156
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "\\\\?\\C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\modules\\discord_voice-1\\discord_voice\\gpu_encoder_helper.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10157
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x000de000"
              }
            ],
            "repeated": 0,
            "id": 10158
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9c7fa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\modules\\discord_voice-1\\discord_voice\\gpu_encoder_helper.exe"
              }
            ],
            "repeated": 0,
            "id": 10159
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "\\??\\C:\\Windows\\system32\\conhost.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10160
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000664"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10161
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000664"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00@\r\\x00\\x00\\x00\\x00\\x00\\x00<\r\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10162
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000664"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10163
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000664"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "Buffer",
                "value": "MZ"
              },
              {
                "name": "Length",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 10164
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000664"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "<\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10165
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000664"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "Buffer",
                "value": "\\xf0\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 10166
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000664"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xf0\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10167
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000664"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "Buffer",
                "value": "PE\\x00\\x00d\\x86\\x07\\x00\\xdc6\\xe4/\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0\\x00\"\\x00\\x0b\\x02\\x0e\\x14\\x00\\xa2\t\\x00\\x00\\xcc\\x03\\x00\\x00\\x00\\x00\\x00P\\xf7\\x01\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00@\\x01\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x02\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 10168
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 10169
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9c7fa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              }
            ],
            "repeated": 0,
            "id": 10170
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "\\\\?\\C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\modules\\discord_voice-1\\discord_voice\\gpu_encoder_helper.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10171
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x000de000"
              }
            ],
            "repeated": 0,
            "id": 10172
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9c7fa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\modules\\discord_voice-1\\discord_voice\\gpu_encoder_helper.exe"
              }
            ],
            "repeated": 0,
            "id": 10173
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "\\??\\C:\\Windows\\system32\\conhost.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10174
          },
          {
            "timestamp": "2026-05-28 21:44:23,760",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000660"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10175
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000660"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00@\r\\x00\\x00\\x00\\x00\\x00\\x00<\r\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10176
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000660"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10177
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000660"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "Buffer",
                "value": "MZ"
              },
              {
                "name": "Length",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 10178
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000660"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "<\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10179
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000660"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "Buffer",
                "value": "\\xf0\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 10180
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000660"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xf0\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10181
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000660"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "Buffer",
                "value": "PE\\x00\\x00d\\x86\\x07\\x00\\xdc6\\xe4/\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0\\x00\"\\x00\\x0b\\x02\\x0e\\x14\\x00\\xa2\t\\x00\\x00\\xcc\\x03\\x00\\x00\\x00\\x00\\x00P\\xf7\\x01\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00@\\x01\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x02\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 10182
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000660"
              }
            ],
            "repeated": 0,
            "id": 10183
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9c7fa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              }
            ],
            "repeated": 0,
            "id": 10184
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a3d36c",
            "parentcaller": "0x7ff729a9c16e",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "ValueName",
                "value": "Steam"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Steam"
              }
            ],
            "repeated": 0,
            "id": 10185
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a3d20b",
            "parentcaller": "0x7ff729a9c1bd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "Steam"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Steam"
              }
            ],
            "repeated": 0,
            "id": 10186
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a3d2e0",
            "parentcaller": "0x7ff729a9c1bd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "Steam"
              },
              {
                "name": "Data",
                "value": "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Steam"
              }
            ],
            "repeated": 0,
            "id": 10187
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9abc5",
            "parentcaller": "0x7ff729a9e244",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000588"
              },
              {
                "name": "ValueName",
                "value": "Steam"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run\\Steam"
              }
            ],
            "repeated": 0,
            "id": 10188
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729a9cf53",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Steam\\steam.exe"
              }
            ],
            "repeated": 0,
            "id": 10189
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files (x86)\\Steam\\steam.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10190
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00708000"
              }
            ],
            "repeated": 0,
            "id": 10191
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files (x86)\\Steam\\steam.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10192
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00708000"
              }
            ],
            "repeated": 0,
            "id": 10193
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9d3aa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Steam\\steam.exe"
              }
            ],
            "repeated": 1,
            "id": 10194
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files (x86)\\Steam\\steam.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10195
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00708000"
              }
            ],
            "repeated": 0,
            "id": 10196
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files (x86)\\Steam\\steam.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10197
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00708000"
              }
            ],
            "repeated": 0,
            "id": 10198
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 10199
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000660"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 10200
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000065c"
              }
            ],
            "repeated": 0,
            "id": 10201
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xe6o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xf7\\x7f\\x00\\x00\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xe0\r)\\x8fg\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00)\\x8fg\\x02\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10202
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10203
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065c"
              }
            ],
            "repeated": 0,
            "id": 10204
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000660"
              }
            ],
            "repeated": 0,
            "id": 10205
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 10206
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x000r\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10207
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000660"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 10208
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000065c"
              }
            ],
            "repeated": 0,
            "id": 10209
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xe7o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\xeao\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00T\\x82\\xd0\\x14\\xfc\\x7f\\x00\\x004\\x006\\x005\\x00d\\x008\\x00\\x00\\x00\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\xe9o\\x19\\xed\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10210
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ac"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!0465d8"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10211
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065c"
              }
            ],
            "repeated": 0,
            "id": 10212
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000660"
              }
            ],
            "repeated": 0,
            "id": 10213
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000063c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_16.db"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10214
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 10215
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 10216
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000664"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 10217
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000660"
              }
            ],
            "repeated": 0,
            "id": 10218
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xe7o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xe8o\\x19\\xed\\x00\\x00\\x00\\xe8\\xe9o\\x19\\xed\\x00\\x00\\x00\\xd8e\\xc1\\x93g\\x02\\x00\\x00 \\xe8o\\x19\\xed\\x00\\x00\\x00p\\xe8o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xed\\x00\\x00\\x00\\x00\\x00\\xbd\\x93g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xd4\\x95\\x00\\x00\\x00\\x00\\xbd\\x93g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10219
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065c"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10220
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000660"
              }
            ],
            "repeated": 0,
            "id": 10221
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 10222
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065c"
              }
            ],
            "repeated": 0,
            "id": 10223
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 10224
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2679382d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10225
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ac"
              }
            ],
            "repeated": 0,
            "id": 10226
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9c7fa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Steam\\steam.exe"
              }
            ],
            "repeated": 0,
            "id": 10227
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": ".\\bin\\vulkandriverquery64.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10228
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 10229
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000006ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 10230
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000065c"
              }
            ],
            "repeated": 0,
            "id": 10231
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xe6o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xc0_w\\x93g\\x02\\x00\\x00P\\xedo\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00z\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10232
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10233
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065c"
              }
            ],
            "repeated": 0,
            "id": 10234
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ac"
              }
            ],
            "repeated": 0,
            "id": 10235
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 10236
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x000r\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10237
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 10238
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 10239
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000664"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 10240
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006ac"
              }
            ],
            "repeated": 0,
            "id": 10241
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xe6o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9d|f\\x14\\xfc\\x7f\\x00\\x00(\\x8bf\\x14\\xfc\\x7f\\x00\\x00\\xf4\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xb8'\\x81\\x93g\\x02\\x00\\x00]\\xdd\\xd7*\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0f\\x1c\\x0f\\xa2\\xd4\\x95\\x00\\x00\\xb8'\\x81\\x93g\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10242
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065c"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10243
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ac"
              }
            ],
            "repeated": 0,
            "id": 10244
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 10245
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065c"
              }
            ],
            "repeated": 0,
            "id": 10246
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 10247
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\bin\\vulkandriverquery64.exe"
              }
            ],
            "repeated": 0,
            "id": 10248
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\imageres.dll"
              }
            ],
            "repeated": 1,
            "id": 10249
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\system32\\imageres.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10250
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              }
            ],
            "repeated": 0,
            "id": 10251
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000065c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\imageres.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 10252
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000664"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x0000065c"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\imageres.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 10253
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000664"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e40000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed196fc660"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10254
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 10255
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000664"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SystemResources\\imageres.dll.mun"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 10256
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000664"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SystemResources\\imageres.dll.mun"
              }
            ],
            "repeated": 0,
            "id": 10257
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e50000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed196fc610"
              },
              {
                "name": "ViewSize",
                "value": "0x013c0000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10258
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ac"
              }
            ],
            "repeated": 0,
            "id": 10259
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x26793e72e40",
            "arguments": [
              {
                "name": "Module",
                "value": "0x26793e30002"
              },
              {
                "name": "Type",
                "value": "#14"
              },
              {
                "name": "Name",
                "value": "#15"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 10260
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x26793ee6950",
            "arguments": [
              {
                "name": "Module",
                "value": "0x26793e30002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x26793e72e40"
              }
            ],
            "repeated": 0,
            "id": 10261
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x26793e68940",
            "arguments": [
              {
                "name": "Module",
                "value": "0x26793e30002"
              },
              {
                "name": "Type",
                "value": "#3"
              },
              {
                "name": "Name",
                "value": "#63"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 10262
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000468",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x26793e30002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x26793e68940"
              }
            ],
            "repeated": 0,
            "id": 10263
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x26793ee64e8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x26793e30002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x26793e68940"
              }
            ],
            "repeated": 0,
            "id": 10264
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e50000"
              },
              {
                "name": "RegionSize",
                "value": "0x013c0000"
              }
            ],
            "repeated": 0,
            "id": 10265
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 10266
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 10267
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065c"
              }
            ],
            "repeated": 0,
            "id": 10268
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              }
            ],
            "repeated": 0,
            "id": 10269
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9c7fa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\bin\\vulkandriverquery64.exe"
              }
            ],
            "repeated": 0,
            "id": 10270
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "\\??\\C:\\Windows\\system32\\conhost.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10271
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000065c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10272
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000065c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00@\r\\x00\\x00\\x00\\x00\\x00\\x00<\r\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10273
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000065c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10274
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000065c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "Buffer",
                "value": "MZ"
              },
              {
                "name": "Length",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 10275
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000065c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "<\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10276
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000065c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "Buffer",
                "value": "\\xf0\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 10277
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000065c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xf0\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10278
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000065c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "Buffer",
                "value": "PE\\x00\\x00d\\x86\\x07\\x00\\xdc6\\xe4/\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0\\x00\"\\x00\\x0b\\x02\\x0e\\x14\\x00\\xa2\t\\x00\\x00\\xcc\\x03\\x00\\x00\\x00\\x00\\x00P\\xf7\\x01\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00@\\x01\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x02\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 10279
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065c"
              }
            ],
            "repeated": 0,
            "id": 10280
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9c7fa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              }
            ],
            "repeated": 0,
            "id": 10281
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729a9c7b4",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Steam\\bin\\cef\\cef.win64\\steamwebhelper.exe"
              }
            ],
            "repeated": 0,
            "id": 10282
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files (x86)\\Steam\\bin\\cef\\cef.win64\\steamwebhelper.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10283
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x008f9000"
              }
            ],
            "repeated": 0,
            "id": 10284
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a20ed2",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2679382e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10285
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files (x86)\\Steam\\bin\\cef\\cef.win64\\steamwebhelper.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10286
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x008f9000"
              }
            ],
            "repeated": 0,
            "id": 10287
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 10288
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000065c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 10289
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 10290
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xe6o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xf7\\x7f\\x00\\x00\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xe0\r)\\x8fg\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00)\\x8fg\\x02\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10291
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ac"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10292
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 10293
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065c"
              }
            ],
            "repeated": 0,
            "id": 10294
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 10295
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x000r\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10296
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000065c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 10297
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 10298
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xe7o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\xeao\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00T\\x82\\xd0\\x14\\xfc\\x7f\\x00\\x004\\x008\\x008\\x006\\x008\\x00\\x00\\x00\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\xe9o\\x19\\xed\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10299
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000660"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!048868"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10300
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 10301
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065c"
              }
            ],
            "repeated": 0,
            "id": 10302
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000063c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_16.db"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10303
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 10304
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ac"
              }
            ],
            "repeated": 0,
            "id": 10305
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000006ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 10306
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000065c"
              }
            ],
            "repeated": 0,
            "id": 10307
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xe7o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xe8o\\x19\\xed\\x00\\x00\\x00\\xe8\\xe9o\\x19\\xed\\x00\\x00\\x00h\\x88\\xc1\\x93g\\x02\\x00\\x00 \\xe8o\\x19\\xed\\x00\\x00\\x00p\\xe8o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xed\\x00\\x00\\x00\\x00\\x00\\xbd\\x93g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xd4\\x95\\x00\\x00\\x00\\x00\\xbd\\x93g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10308
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10309
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065c"
              }
            ],
            "repeated": 0,
            "id": 10310
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ac"
              }
            ],
            "repeated": 0,
            "id": 10311
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 10312
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 10313
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000660"
              }
            ],
            "repeated": 0,
            "id": 10314
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9c7fa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Steam\\bin\\cef\\cef.win64\\steamwebhelper.exe"
              }
            ],
            "repeated": 1,
            "id": 10315
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files (x86)\\Steam\\bin\\cef\\cef.win64\\steamwebhelper.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10316
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x008f9000"
              }
            ],
            "repeated": 0,
            "id": 10317
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files (x86)\\Steam\\bin\\cef\\cef.win64\\steamwebhelper.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10318
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x008f9000"
              }
            ],
            "repeated": 0,
            "id": 10319
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9c7fa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Steam\\bin\\cef\\cef.win64\\steamwebhelper.exe"
              }
            ],
            "repeated": 1,
            "id": 10320
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files (x86)\\Steam\\bin\\cef\\cef.win64\\steamwebhelper.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10321
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x008f9000"
              }
            ],
            "repeated": 0,
            "id": 10322
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files (x86)\\Steam\\bin\\cef\\cef.win64\\steamwebhelper.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10323
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x008f9000"
              }
            ],
            "repeated": 0,
            "id": 10324
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9c7fa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Steam\\bin\\cef\\cef.win64\\steamwebhelper.exe"
              }
            ],
            "repeated": 1,
            "id": 10325
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files (x86)\\Steam\\bin\\cef\\cef.win64\\steamwebhelper.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10326
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x008f9000"
              }
            ],
            "repeated": 0,
            "id": 10327
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files (x86)\\Steam\\bin\\cef\\cef.win64\\steamwebhelper.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10328
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x008f9000"
              }
            ],
            "repeated": 0,
            "id": 10329
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2679382f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10330
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9c7fa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Steam\\bin\\cef\\cef.win64\\steamwebhelper.exe"
              }
            ],
            "repeated": 1,
            "id": 10331
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files (x86)\\Steam\\bin\\cef\\cef.win64\\steamwebhelper.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10332
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x008f9000"
              }
            ],
            "repeated": 0,
            "id": 10333
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files (x86)\\Steam\\bin\\cef\\cef.win64\\steamwebhelper.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10334
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x008f9000"
              }
            ],
            "repeated": 0,
            "id": 10335
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9c7fa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Steam\\bin\\cef\\cef.win64\\steamwebhelper.exe"
              }
            ],
            "repeated": 1,
            "id": 10336
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files (x86)\\Steam\\bin\\cef\\cef.win64\\steamwebhelper.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10337
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x008f9000"
              }
            ],
            "repeated": 0,
            "id": 10338
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files (x86)\\Steam\\bin\\cef\\cef.win64\\steamwebhelper.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10339
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x008f9000"
              }
            ],
            "repeated": 0,
            "id": 10340
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9c7fa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Steam\\bin\\cef\\cef.win64\\steamwebhelper.exe"
              }
            ],
            "repeated": 1,
            "id": 10341
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files (x86)\\Steam\\bin\\cef\\cef.win64\\steamwebhelper.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10342
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x008f9000"
              }
            ],
            "repeated": 0,
            "id": 10343
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files (x86)\\Steam\\bin\\cef\\cef.win64\\steamwebhelper.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10344
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x008f9000"
              }
            ],
            "repeated": 0,
            "id": 10345
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9c7fa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Steam\\bin\\cef\\cef.win64\\steamwebhelper.exe"
              }
            ],
            "repeated": 1,
            "id": 10346
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files (x86)\\Steam\\bin\\cef\\cef.win64\\steamwebhelper.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10347
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x008f9000"
              }
            ],
            "repeated": 0,
            "id": 10348
          },
          {
            "timestamp": "2026-05-28 21:44:23,775",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files (x86)\\Steam\\bin\\cef\\cef.win64\\steamwebhelper.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10349
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x008f9000"
              }
            ],
            "repeated": 0,
            "id": 10350
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9c7fa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Steam\\bin\\cef\\cef.win64\\steamwebhelper.exe"
              }
            ],
            "repeated": 1,
            "id": 10351
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files (x86)\\Steam\\bin\\cef\\cef.win64\\steamwebhelper.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10352
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x008f9000"
              }
            ],
            "repeated": 0,
            "id": 10353
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files (x86)\\Steam\\bin\\cef\\cef.win64\\steamwebhelper.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10354
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x008f9000"
              }
            ],
            "repeated": 0,
            "id": 10355
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9c7fa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Steam\\bin\\cef\\cef.win64\\steamwebhelper.exe"
              }
            ],
            "repeated": 0,
            "id": 10356
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": ".\\bin\\vulkandriverquery.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10357
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 10358
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000660"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 10359
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 10360
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xe6o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xc0_w\\x93g\\x02\\x00\\x00P\\xedo\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00{\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10361
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ac"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10362
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 10363
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000660"
              }
            ],
            "repeated": 0,
            "id": 10364
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 10365
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x000r\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10366
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 10367
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ac"
              }
            ],
            "repeated": 0,
            "id": 10368
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000006ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 10369
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000660"
              }
            ],
            "repeated": 0,
            "id": 10370
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xe6o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9d|f\\x14\\xfc\\x7f\\x00\\x00(\\x8bf\\x14\\xfc\\x7f\\x00\\x00\\xf4\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xb8'\\x81\\x93g\\x02\\x00\\x00]\\xdd\\xd7*\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0f\\x1c\\x0f\\xa2\\xd4\\x95\\x00\\x00\\xb8'\\x81\\x93g\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10371
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10372
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000660"
              }
            ],
            "repeated": 0,
            "id": 10373
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ac"
              }
            ],
            "repeated": 0,
            "id": 10374
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 10375
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 10376
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\bin\\vulkandriverquery.exe"
              }
            ],
            "repeated": 0,
            "id": 10377
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\imageres.dll"
              }
            ],
            "repeated": 1,
            "id": 10378
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\system32\\imageres.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10379
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              }
            ],
            "repeated": 0,
            "id": 10380
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000664"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\imageres.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 10381
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000664"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\imageres.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 10382
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000648"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e40000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed196fc660"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10383
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 10384
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SystemResources\\imageres.dll.mun"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 10385
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000648"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SystemResources\\imageres.dll.mun"
              }
            ],
            "repeated": 0,
            "id": 10386
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006b0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e50000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed196fc610"
              },
              {
                "name": "ViewSize",
                "value": "0x013c0000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10387
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b0"
              }
            ],
            "repeated": 0,
            "id": 10388
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x26793e72e40",
            "arguments": [
              {
                "name": "Module",
                "value": "0x26793e30002"
              },
              {
                "name": "Type",
                "value": "#14"
              },
              {
                "name": "Name",
                "value": "#15"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 10389
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x26793ee6950",
            "arguments": [
              {
                "name": "Module",
                "value": "0x26793e30002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x26793e72e40"
              }
            ],
            "repeated": 0,
            "id": 10390
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x26793e68940",
            "arguments": [
              {
                "name": "Module",
                "value": "0x26793e30002"
              },
              {
                "name": "Type",
                "value": "#3"
              },
              {
                "name": "Name",
                "value": "#63"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 10391
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000468",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x26793e30002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x26793e68940"
              }
            ],
            "repeated": 0,
            "id": 10392
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x26793ee64e8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x26793e30002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x26793e68940"
              }
            ],
            "repeated": 0,
            "id": 10393
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e50000"
              },
              {
                "name": "RegionSize",
                "value": "0x013c0000"
              }
            ],
            "repeated": 0,
            "id": 10394
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 10395
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 10396
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 10397
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              }
            ],
            "repeated": 0,
            "id": 10398
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9c7fa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\bin\\vulkandriverquery.exe"
              }
            ],
            "repeated": 0,
            "id": 10399
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "\\??\\C:\\Windows\\system32\\conhost.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10400
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000664"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10401
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000664"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00@\r\\x00\\x00\\x00\\x00\\x00\\x00<\r\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10402
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000664"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10403
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000664"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "Buffer",
                "value": "MZ"
              },
              {
                "name": "Length",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 10404
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000664"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "<\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10405
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000664"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "Buffer",
                "value": "\\xf0\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 10406
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000664"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xf0\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10407
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000664"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "Buffer",
                "value": "PE\\x00\\x00d\\x86\\x07\\x00\\xdc6\\xe4/\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0\\x00\"\\x00\\x0b\\x02\\x0e\\x14\\x00\\xa2\t\\x00\\x00\\xcc\\x03\\x00\\x00\\x00\\x00\\x00P\\xf7\\x01\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00@\\x01\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x02\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 10408
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 10409
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9c7fa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              }
            ],
            "repeated": 0,
            "id": 10410
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": ".\\bin\\gldriverquery64.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10411
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 10412
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000664"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 10413
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 10414
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xe6o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xc0_w\\x93g\\x02\\x00\\x00P\\xedo\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00|\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10415
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b0"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10416
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 10417
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 10418
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 10419
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x000r\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10420
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 10421
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b0"
              }
            ],
            "repeated": 0,
            "id": 10422
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000006b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 10423
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 10424
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xe6o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9d|f\\x14\\xfc\\x7f\\x00\\x00(\\x8bf\\x14\\xfc\\x7f\\x00\\x00\\xf4\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xb8'\\x81\\x93g\\x02\\x00\\x00]\\xdd\\xd7*\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0f\\x1c\\x0f\\xa2\\xd4\\x95\\x00\\x00\\xb8'\\x81\\x93g\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10425
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10426
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 10427
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b0"
              }
            ],
            "repeated": 0,
            "id": 10428
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 10429
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 10430
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\bin\\gldriverquery64.exe"
              }
            ],
            "repeated": 0,
            "id": 10431
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\imageres.dll"
              }
            ],
            "repeated": 1,
            "id": 10432
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\system32\\imageres.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10433
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              }
            ],
            "repeated": 0,
            "id": 10434
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\imageres.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 10435
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000648"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\imageres.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 10436
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006b0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e40000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed196fc660"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10437
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b0"
              }
            ],
            "repeated": 0,
            "id": 10438
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SystemResources\\imageres.dll.mun"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 10439
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000664"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000006b0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SystemResources\\imageres.dll.mun"
              }
            ],
            "repeated": 0,
            "id": 10440
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000664"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e50000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed196fc610"
              },
              {
                "name": "ViewSize",
                "value": "0x013c0000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10441
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 10442
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x26793e72e40",
            "arguments": [
              {
                "name": "Module",
                "value": "0x26793e30002"
              },
              {
                "name": "Type",
                "value": "#14"
              },
              {
                "name": "Name",
                "value": "#15"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 10443
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x26793ee6950",
            "arguments": [
              {
                "name": "Module",
                "value": "0x26793e30002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x26793e72e40"
              }
            ],
            "repeated": 0,
            "id": 10444
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x26793e68940",
            "arguments": [
              {
                "name": "Module",
                "value": "0x26793e30002"
              },
              {
                "name": "Type",
                "value": "#3"
              },
              {
                "name": "Name",
                "value": "#63"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 10445
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000468",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x26793e30002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x26793e68940"
              }
            ],
            "repeated": 0,
            "id": 10446
          },
          {
            "timestamp": "2026-05-28 21:44:23,791",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x26793ee64e8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x26793e30002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x26793e68940"
              }
            ],
            "repeated": 0,
            "id": 10447
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e50000"
              },
              {
                "name": "RegionSize",
                "value": "0x013c0000"
              }
            ],
            "repeated": 0,
            "id": 10448
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b0"
              }
            ],
            "repeated": 0,
            "id": 10449
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 10450
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 10451
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              }
            ],
            "repeated": 0,
            "id": 10452
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9c7fa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\bin\\gldriverquery64.exe"
              }
            ],
            "repeated": 0,
            "id": 10453
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": ".\\bin\\gldriverquery.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10454
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 10455
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 10456
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006b0"
              }
            ],
            "repeated": 0,
            "id": 10457
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xe6o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xc0_w\\x93g\\x02\\x00\\x00P\\xedo\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10458
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ac"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10459
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b0"
              }
            ],
            "repeated": 0,
            "id": 10460
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 10461
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 10462
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x000r\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10463
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 10464
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ac"
              }
            ],
            "repeated": 0,
            "id": 10465
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000006ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 10466
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 10467
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xe6o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9d|f\\x14\\xfc\\x7f\\x00\\x00(\\x8bf\\x14\\xfc\\x7f\\x00\\x00\\xf4\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xb8'\\x81\\x93g\\x02\\x00\\x00]\\xdd\\xd7*\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0f\\x1c\\x0f\\xa2\\xd4\\x95\\x00\\x00\\xb8'\\x81\\x93g\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10468
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b0"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10469
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 10470
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ac"
              }
            ],
            "repeated": 0,
            "id": 10471
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b0"
              }
            ],
            "repeated": 0,
            "id": 10472
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 10473
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\bin\\gldriverquery.exe"
              }
            ],
            "repeated": 0,
            "id": 10474
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\imageres.dll"
              }
            ],
            "repeated": 1,
            "id": 10475
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\system32\\imageres.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10476
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              }
            ],
            "repeated": 0,
            "id": 10477
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\imageres.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 10478
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000006b0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\imageres.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 10479
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e40000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed196fc660"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10480
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ac"
              }
            ],
            "repeated": 0,
            "id": 10481
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SystemResources\\imageres.dll.mun"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 10482
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000006ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SystemResources\\imageres.dll.mun"
              }
            ],
            "repeated": 0,
            "id": 10483
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000648"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e50000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed196fc610"
              },
              {
                "name": "ViewSize",
                "value": "0x013c0000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10484
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 10485
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x26793e72e40",
            "arguments": [
              {
                "name": "Module",
                "value": "0x26793e30002"
              },
              {
                "name": "Type",
                "value": "#14"
              },
              {
                "name": "Name",
                "value": "#15"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 10486
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x26793ee6950",
            "arguments": [
              {
                "name": "Module",
                "value": "0x26793e30002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x26793e72e40"
              }
            ],
            "repeated": 0,
            "id": 10487
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x26793e68940",
            "arguments": [
              {
                "name": "Module",
                "value": "0x26793e30002"
              },
              {
                "name": "Type",
                "value": "#3"
              },
              {
                "name": "Name",
                "value": "#63"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 10488
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000468",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x26793e30002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x26793e68940"
              }
            ],
            "repeated": 0,
            "id": 10489
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x26793ee64e8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x26793e30002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x26793e68940"
              }
            ],
            "repeated": 0,
            "id": 10490
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e50000"
              },
              {
                "name": "RegionSize",
                "value": "0x013c0000"
              }
            ],
            "repeated": 0,
            "id": 10491
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ac"
              }
            ],
            "repeated": 0,
            "id": 10492
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 10493
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b0"
              }
            ],
            "repeated": 0,
            "id": 10494
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              }
            ],
            "repeated": 0,
            "id": 10495
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9c7fa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\bin\\gldriverquery.exe"
              }
            ],
            "repeated": 0,
            "id": 10496
          },
          {
            "timestamp": "2026-05-28 21:44:23,838",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729a9c7b4",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Steam\\steamsysinfo.exe"
              }
            ],
            "repeated": 0,
            "id": 10497
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files (x86)\\Steam\\steamsysinfo.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10498
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00149000"
              }
            ],
            "repeated": 0,
            "id": 10499
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x000006b0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 10500
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006b0"
              },
              {
                "name": "SubKey",
                "value": "{528c102f-0000-0000-0000-300300000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x000006ac"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-300300000000}\\"
              }
            ],
            "repeated": 0,
            "id": 10501
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b0"
              }
            ],
            "repeated": 0,
            "id": 10502
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ac"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-300300000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 10503
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ac"
              }
            ],
            "repeated": 0,
            "id": 10504
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10505
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10506
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006ac"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xbeAb\\xc8\\xde\\xac\\xd5\\x01\\x9e\\x9a\\x01\\xc8\\xea\\xee\\xdc\\x01\\xb2\\x020C\\x00\\xef\\xdc\\x01\\xb2\\x020C\\x00\\xef\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x11\\x00\\x00\\x00&\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00P\\x00R\\x00O\\x00G\\x00R\\x00A\\x00~\\x002\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc9\\x04\\x00\\x00\\x00\\x00\\x01\\x00P\\x00r\\x00o\\x00g\\x00r\\x00a\\x00m\\x00 \\x00F\\x00i\\x00l\\x00e\\x00s\\x00 \\x00(\\x00x\\x008\\x006\\x00)\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 10507
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ac"
              }
            ],
            "repeated": 0,
            "id": 10508
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xea\\x18\\xed\\x00\\x00\\x00\\xc47\\x00\\x00\\x00\\x00\\x00\\x00\\xa8\\x16\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5800"
              }
            ],
            "repeated": 0,
            "id": 10509
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xed18ea4281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              }
            ],
            "repeated": 0,
            "id": 10510
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xed18ea4281"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10511
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\desktop.ini"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10512
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Program Files (x86)\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xb0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xae\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10513
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Program Files (x86)\\desktop.ini"
              },
              {
                "name": "Buffer",
                "value": "\\xff\\xfe\r\\x00\n\\x00[\\x00.\\x00S\\x00h\\x00e\\x00l\\x00l\\x00C\\x00l\\x00a\\x00s\\x00s\\x00I\\x00n\\x00f\\x00o\\x00]\\x00\r\\x00\n\\x00L\\x00o\\x00c\\x00a\\x00l\\x00i\\x00z\\x00e\\x00d\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00N\\x00a\\x00m\\x00e\\x00=\\x00@\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00s\\x00h\\x00e\\x00l\\x00l\\x003\\x002\\x00.\\x00d\\x00l\\x00l\\x00,\\x00-\\x002\\x001\\x008\\x001\\x007\\x00\r\\x00\n\\x00"
              },
              {
                "name": "Length",
                "value": "174"
              }
            ],
            "repeated": 0,
            "id": 10514
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Program Files (x86)\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x81n\\x9f\\xc9\\xde\\xac\\xd5\\x01G$\\x1d&\\xeb\\xee\\xdc\\x01\\xab\\xb8,{\\xde\\xac\\xd5\\x01e\\x9e\\x95\\xc2\\xf8\\xee\\xdc\\x01&\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10515
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ac"
              }
            ],
            "repeated": 0,
            "id": 10516
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10517
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xea\\x18\\xed\\x00\\x00\\x00\\xc47\\x00\\x00\\x00\\x00\\x00\\x00\\xa8\\x16\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5800"
              }
            ],
            "repeated": 0,
            "id": 10518
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xed18ea4281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              }
            ],
            "repeated": 0,
            "id": 10519
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0xed18ea4281"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10520
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10521
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Program Files (x86)"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10522
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006ac"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb2\\x020C\\x00\\xef\\xdc\\x01-C\\x85\\xcd\\xea\\xee\\xdc\\x01-C\\x85\\xcd\\xea\\xee\\xdc\\x01-C\\x85\\xcd\\xea\\xee\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1d\\xf7\\x01\\x00\\x00\\x00\\x02\\x00S\\x00t\\x00e\\x00a\\x00m\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Steam"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 10523
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ac"
              }
            ],
            "repeated": 0,
            "id": 10524
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10525
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Steam"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10526
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Program Files (x86)\\Steam"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10527
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006ac"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe1T\\xbaK\\x00\\xef\\xdc\\x01&\\xe9\\x1c&\\xeb\\xee\\xdc\\x01\\x00ro\\x15(\\xee\\xdc\\x01\\x06K,d\\x00\\xef\\xdc\\x01\\x98\\xfe\\x13\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x00 \\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00S\\x00T\\x00E\\x00A\\x00M\\x00S\\x00~\\x001\\x00.\\x00E\\x00X\\x00E\\x00\\x00\\x00-)\\x02\\x00\\x00\\x00\\x01\\x00s\\x00t\\x00e\\x00a\\x00m\\x00s\\x00y\\x00s\\x00i\\x00n\\x00f\\x00o\\x00.\\x00e\\x00x\\x00e\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Steam\\steamsysinfo.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 10528
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a0e589",
            "parentcaller": "0x7ff729a4c5c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ac"
              }
            ],
            "repeated": 0,
            "id": 10529
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 10530
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000006ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 10531
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006b0"
              }
            ],
            "repeated": 0,
            "id": 10532
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xe6o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xc0_w\\x93g\\x02\\x00\\x00P\\xedo\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10533
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10534
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b0"
              }
            ],
            "repeated": 0,
            "id": 10535
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ac"
              }
            ],
            "repeated": 0,
            "id": 10536
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 10537
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x000r\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10538
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 10539
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 10540
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 10541
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006ac"
              }
            ],
            "repeated": 0,
            "id": 10542
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xe6o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9d|f\\x14\\xfc\\x7f\\x00\\x00(\\x8bf\\x14\\xfc\\x7f\\x00\\x00\\xf4\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\xb8'\\x81\\x93g\\x02\\x00\\x00]\\xdd\\xd7*\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0f\\x1c\\x0f\\xa2\\xd4\\x95\\x00\\x00\\xb8'\\x81\\x93g\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10543
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b0"
              },
              {
                "name": "MutexName",
                "value": "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10544
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ac"
              }
            ],
            "repeated": 0,
            "id": 10545
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 10546
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b0"
              }
            ],
            "repeated": 0,
            "id": 10547
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 10548
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\program files (x86)\\Steam\\steamsysinfo.exe"
              }
            ],
            "repeated": 1,
            "id": 10549
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "c:\\program files (x86)\\steam\\steamsysinfo.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10550
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\program files (x86)\\SystemResources\\steamsysinfo.exe.mun"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 10551
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00149000"
              }
            ],
            "repeated": 0,
            "id": 10552
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\imageres.dll"
              }
            ],
            "repeated": 1,
            "id": 10553
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\system32\\imageres.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10554
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              }
            ],
            "repeated": 0,
            "id": 10555
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\imageres.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 10556
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000006b0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\imageres.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 10557
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000648"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e40000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed196fc660"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10558
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 10559
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SystemResources\\imageres.dll.mun"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 10560
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000648"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SystemResources\\imageres.dll.mun"
              }
            ],
            "repeated": 0,
            "id": 10561
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e50000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed196fc610"
              },
              {
                "name": "ViewSize",
                "value": "0x013c0000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10562
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ac"
              }
            ],
            "repeated": 0,
            "id": 10563
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x26793e72e40",
            "arguments": [
              {
                "name": "Module",
                "value": "0x26793e30002"
              },
              {
                "name": "Type",
                "value": "#14"
              },
              {
                "name": "Name",
                "value": "#15"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 10564
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x26793ee6950",
            "arguments": [
              {
                "name": "Module",
                "value": "0x26793e30002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x26793e72e40"
              }
            ],
            "repeated": 0,
            "id": 10565
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x26793e68940",
            "arguments": [
              {
                "name": "Module",
                "value": "0x26793e30002"
              },
              {
                "name": "Type",
                "value": "#3"
              },
              {
                "name": "Name",
                "value": "#63"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 10566
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000468",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x26793e30002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x26793e68940"
              }
            ],
            "repeated": 0,
            "id": 10567
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x26793ee64e8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x26793e30002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x26793e68940"
              }
            ],
            "repeated": 0,
            "id": 10568
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e50000"
              },
              {
                "name": "RegionSize",
                "value": "0x013c0000"
              }
            ],
            "repeated": 0,
            "id": 10569
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 10570
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 10571
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b0"
              }
            ],
            "repeated": 0,
            "id": 10572
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9ec3e",
            "parentcaller": "0x7ff729a9c7ef",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              }
            ],
            "repeated": 0,
            "id": 10573
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9c7fa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Steam\\steamsysinfo.exe"
              }
            ],
            "repeated": 0,
            "id": 10574
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "\\??\\C:\\Windows\\system32\\conhost.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10575
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10576
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006b0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00@\r\\x00\\x00\\x00\\x00\\x00\\x00<\r\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10577
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006b0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10578
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006b0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "Buffer",
                "value": "MZ"
              },
              {
                "name": "Length",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 10579
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006b0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "<\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10580
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006b0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "Buffer",
                "value": "\\xf0\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 10581
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006b0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xf0\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10582
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006b0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              },
              {
                "name": "Buffer",
                "value": "PE\\x00\\x00d\\x86\\x07\\x00\\xdc6\\xe4/\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0\\x00\"\\x00\\x0b\\x02\\x0e\\x14\\x00\\xa2\t\\x00\\x00\\xcc\\x03\\x00\\x00\\x00\\x00\\x00P\\xf7\\x01\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00@\\x01\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x02\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 10583
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b0"
              }
            ],
            "repeated": 0,
            "id": 10584
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9c7fa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\conhost.exe"
              }
            ],
            "repeated": 0,
            "id": 10585
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a3d36c",
            "parentcaller": "0x7ff729a9c16e",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "Index",
                "value": "3"
              },
              {
                "name": "ValueName",
                "value": "MicrosoftEdgeAutoLaunch_29EBC4579851B72EE312C449CF839B1A"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\MicrosoftEdgeAutoLaunch_29EBC4579851B72EE312C449CF839B1A"
              }
            ],
            "repeated": 0,
            "id": 10586
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a3d20b",
            "parentcaller": "0x7ff729a9c1bd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "MicrosoftEdgeAutoLaunch_29EBC4579851B72EE312C449CF839B1A"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\MicrosoftEdgeAutoLaunch_29EBC4579851B72EE312C449CF839B1A"
              }
            ],
            "repeated": 0,
            "id": 10587
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a3d2e0",
            "parentcaller": "0x7ff729a9c1bd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "MicrosoftEdgeAutoLaunch_29EBC4579851B72EE312C449CF839B1A"
              },
              {
                "name": "Data",
                "value": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --no-startup-window --win-session-start"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\MicrosoftEdgeAutoLaunch_29EBC4579851B72EE312C449CF839B1A"
              }
            ],
            "repeated": 0,
            "id": 10588
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9abc5",
            "parentcaller": "0x7ff729a9e244",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000588"
              },
              {
                "name": "ValueName",
                "value": "MicrosoftEdgeAutoLaunch_29EBC4579851B72EE312C449CF839B1A"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run\\MicrosoftEdgeAutoLaunch_29EBC4579851B72EE312C449CF839B1A"
              }
            ],
            "repeated": 0,
            "id": 10589
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a3bbeb",
            "parentcaller": "0x7ff729a9cf53",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"
              }
            ],
            "repeated": 0,
            "id": 10590
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10591
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff7299f9af9",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00505000"
              }
            ],
            "repeated": 0,
            "id": 10592
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10593
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff7299f9b37",
            "parentcaller": "0x7ff729a9d4e8",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00505000"
              }
            ],
            "repeated": 0,
            "id": 10594
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9e129",
            "parentcaller": "0x7ff729a9d3aa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"
              }
            ],
            "repeated": 0,
            "id": 10595
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a27900",
            "parentcaller": "0x7ff729a9c4b1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 10596
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9c455",
            "parentcaller": "0x7ff729a9e63c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
              },
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
              }
            ],
            "repeated": 0,
            "id": 10597
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a9c0df",
            "parentcaller": "0x7ff729a9c48a",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000594"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10598
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a27900",
            "parentcaller": "0x7ff729a9c4b1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 10599
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a99c51",
            "parentcaller": "0x7ff729a9bdac",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000594"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.ApplicationModel.Internal.StartupTaskInternal"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Internal.StartupTaskInternal"
              }
            ],
            "repeated": 0,
            "id": 10600
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a99c51",
            "parentcaller": "0x7ff729a9bdac",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000594"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xfffc\\xffe7\\xffe6\\xfff8\\xffee\\xffdc\\x01\\x00\\x00\\x00\\x00j\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00A\\x00p\\x00p\\x00l\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00M\\x00o\\x00d\\x00e\\x00l\\x00.\\x00I\\x00n\\x00t\\x00e\\x00r\\x00n\\x00a\\x00l\\x00.\\x00S\\x00t\\x00a\\x00r\\x00t\\x00u\\x00p\\x00T\\x00a\\x00s\\x00k\\x00I\\x00n\\x00t\\x00e\\x00r\\x00n\\x00a\\x00l\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff8e\\xff8dg\\x02\\x00\\x00\\xff99\\xffefo\\x19\\xffed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\x14\\xff83\\xff8dg\\x02\\x00\\x00\\x00\\x00\\xff83\\xff8dg\\x02\\x00\\x00\\x00\\x00\\xff83\\xff8dg\\x02\\x00\\x00\\xffc4\\x02\\xff83\\xff8dg\\x02\\x00\\x00\\x00\\x00\\x00\\x00g\\x02\\x00\\x00\\xff90\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\x0c\\xff83\\xff8dg\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0Ep+\\xfffc\\x7f\\x00\\x00\\xff98~|\\xff93g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xfff0o\\x19\\xffed\\x00\\x00\\x00\\xff87\\xff9dD+\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00g\\x02\\x00\\x00@\\xfff3v\\xff93g\\x02\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p~|\\xff93g\\x02\\x00\\x00@\\xfff3v\\xff93g\\x02\\x00\\x00p8~\\xff93g\\x02\\x00\\x00\\xffc7\\xffb3\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\xff83\\xff8dg\\x02\\x00\\x00\\xfff6sD+\\xfffc\\x7f\\x00\\x00\\xff90\\xfff8\\xff82\\xff93g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffffp8~\\xff93g\\x02\\x00\\x00\\xff80\\xffba\\xff81\\xff93g\\x02\\x00\\x00\\xff80\\xffba\\xff81\\xff93g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xfff3v\\xff93g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x
00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00g\\x02\\x00\\x006\\xff8cO+\\xfffc\\x7f\\x00\\x000\\xff9c\\xff81\\xff93g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xfff1o\\x19\\xffed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xfff1o\\x19\\xffed\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10601
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a99c51",
            "parentcaller": "0x7ff729a9bdac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Internal.StartupTaskInternal\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 10602
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a99c51",
            "parentcaller": "0x7ff729a9bdac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Internal.StartupTaskInternal\\Server"
              }
            ],
            "repeated": 0,
            "id": 10603
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a99c51",
            "parentcaller": "0x7ff729a9bdac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\Windows.ApplicationModel.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Internal.StartupTaskInternal\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 10604
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a99c51",
            "parentcaller": "0x7ff729a9bdac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Internal.StartupTaskInternal\\Threading"
              }
            ],
            "repeated": 0,
            "id": 10605
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a99c51",
            "parentcaller": "0x7ff729a9bdac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Internal.StartupTaskInternal\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 10606
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a99c51",
            "parentcaller": "0x7ff729a9bdac",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000594"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Internal.StartupTaskInternal\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 10607
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a99c51",
            "parentcaller": "0x7ff729a9bdac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Internal.StartupTaskInternal\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 10608
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a99c51",
            "parentcaller": "0x7ff729a9bdac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Internal.StartupTaskInternal\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 10609
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a99c51",
            "parentcaller": "0x7ff729a9bdac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Internal.StartupTaskInternal\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 10610
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a99c51",
            "parentcaller": "0x7ff729a9bdac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Internal.StartupTaskInternal\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 10611
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a99c51",
            "parentcaller": "0x7ff729a9bdac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Internal.StartupTaskInternal\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 10612
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a99c51",
            "parentcaller": "0x7ff729a9bdac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Internal.StartupTaskInternal\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 10613
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a99c51",
            "parentcaller": "0x7ff729a9bdac",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 10614
          },
          {
            "timestamp": "2026-05-28 21:44:23,854",
            "thread_id": "5800",
            "caller": "0x7ff729a99c51",
            "parentcaller": "0x7ff729a9bdac",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\twinapi.appcore"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc25980000"
              }
            ],
            "repeated": 0,
            "id": 10615
          },
          {
            "timestamp": "2026-05-28 21:44:23,994",
            "thread_id": "10832",
            "caller": "0x7ff7299f45b1",
            "parentcaller": "0x7ff7299f3e56",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "624"
              },
              {
                "name": "ProcessName",
                "value": "C:\\Windows\\System32\\services.exe"
              }
            ],
            "repeated": 0,
            "id": 10616
          },
          {
            "timestamp": "2026-05-28 21:44:23,994",
            "thread_id": "10832",
            "caller": "0x7ff7299f3ebb",
            "parentcaller": "0x7ff7299f2d53",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 10617
          },
          {
            "timestamp": "2026-05-28 21:44:23,994",
            "thread_id": "10832",
            "caller": "0x7ff7299f45b1",
            "parentcaller": "0x7ff7299f3ffc",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "624"
              },
              {
                "name": "ProcessName",
                "value": "C:\\Windows\\System32\\services.exe"
              }
            ],
            "repeated": 0,
            "id": 10618
          },
          {
            "timestamp": "2026-05-28 21:44:23,994",
            "thread_id": "10832",
            "caller": "0x7ff7299f4224",
            "parentcaller": "0x7ff7299f2da5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 10619
          },
          {
            "timestamp": "2026-05-28 21:44:23,994",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\services.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10620
          },
          {
            "timestamp": "2026-05-28 21:44:23,994",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              }
            ],
            "repeated": 0,
            "id": 10621
          },
          {
            "timestamp": "2026-05-28 21:44:23,994",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\services.exe.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 10622
          },
          {
            "timestamp": "2026-05-28 21:44:23,994",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000005cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\services.exe.mui"
              }
            ],
            "repeated": 0,
            "id": 10623
          },
          {
            "timestamp": "2026-05-28 21:44:23,994",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793ee0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed1947cdf0"
              },
              {
                "name": "ViewSize",
                "value": "0x00005000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10624
          },
          {
            "timestamp": "2026-05-28 21:44:23,994",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d0"
              }
            ],
            "repeated": 0,
            "id": 10625
          },
          {
            "timestamp": "2026-05-28 21:44:23,994",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793ee0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              }
            ],
            "repeated": 0,
            "id": 10626
          },
          {
            "timestamp": "2026-05-28 21:44:23,994",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 10627
          },
          {
            "timestamp": "2026-05-28 21:44:23,994",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x000b0000"
              }
            ],
            "repeated": 0,
            "id": 10628
          },
          {
            "timestamp": "2026-05-28 21:44:23,994",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\services.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10629
          },
          {
            "timestamp": "2026-05-28 21:44:23,994",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              }
            ],
            "repeated": 0,
            "id": 10630
          },
          {
            "timestamp": "2026-05-28 21:44:23,994",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\services.exe.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 10631
          },
          {
            "timestamp": "2026-05-28 21:44:23,994",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000005cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\services.exe.mui"
              }
            ],
            "repeated": 0,
            "id": 10632
          },
          {
            "timestamp": "2026-05-28 21:44:23,994",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793ee0000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed1947cde0"
              },
              {
                "name": "ViewSize",
                "value": "0x00005000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10633
          },
          {
            "timestamp": "2026-05-28 21:44:23,994",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d0"
              }
            ],
            "repeated": 0,
            "id": 10634
          },
          {
            "timestamp": "2026-05-28 21:44:23,994",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793ee0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              }
            ],
            "repeated": 0,
            "id": 10635
          },
          {
            "timestamp": "2026-05-28 21:44:23,994",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 10636
          },
          {
            "timestamp": "2026-05-28 21:44:23,994",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x000b0000"
              }
            ],
            "repeated": 0,
            "id": 10637
          },
          {
            "timestamp": "2026-05-28 21:44:23,994",
            "thread_id": "10832",
            "caller": "0x7ff7299f45b1",
            "parentcaller": "0x7ff7299f38f8",
            "category": "process",
            "api": "NtOpenProcess",
            "status": false,
            "return": "0xffffffffc0000022",
            "pretty_return": "ACCESS_DENIED",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x7ffc2ad7ad9e"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001410",
                "pretty_value": "PROCESS_VM_READ|PROCESS_QUERY_INFORMATION|PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "624"
              }
            ],
            "repeated": 0,
            "id": 10638
          },
          {
            "timestamp": "2026-05-28 21:44:23,994",
            "thread_id": "10832",
            "caller": "0x7ff7299f45b1",
            "parentcaller": "0x7ff7299f3746",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "624"
              },
              {
                "name": "ProcessName",
                "value": "C:\\Windows\\System32\\services.exe"
              }
            ],
            "repeated": 0,
            "id": 10639
          },
          {
            "timestamp": "2026-05-28 21:44:23,994",
            "thread_id": "10832",
            "caller": "0x7ff7299f472e",
            "parentcaller": "0x7ff7299f375e",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005d0"
              }
            ],
            "repeated": 0,
            "id": 10640
          },
          {
            "timestamp": "2026-05-28 21:44:23,994",
            "thread_id": "10832",
            "caller": "0x7ff7299f4764",
            "parentcaller": "0x7ff7299f375e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10641
          },
          {
            "timestamp": "2026-05-28 21:44:23,994",
            "thread_id": "10832",
            "caller": "0x7ff7299f47ed",
            "parentcaller": "0x7ff7299f375e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\xcf\\x80\\x93g\\x02\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00h\\xcf\\x80\\x93g\\x02\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\xcf\\x80\\x93g\\x02\\x00\\x00T\\x00S\\x00A\\x00:\\x00/\\x00/\\x00P\\x00r\\x00o\\x00c\\x00U\\x00n\\x00i\\x00q\\x00u\\x00e\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00!]\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10642
          },
          {
            "timestamp": "2026-05-28 21:44:23,994",
            "thread_id": "10832",
            "caller": "0x7ff7299f488d",
            "parentcaller": "0x7ff7299f375e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d0"
              }
            ],
            "repeated": 0,
            "id": 10643
          },
          {
            "timestamp": "2026-05-28 21:44:23,994",
            "thread_id": "10832",
            "caller": "0x7ff7299f3779",
            "parentcaller": "0x7ff7299f31c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 10644
          },
          {
            "timestamp": "2026-05-28 21:44:24,088",
            "thread_id": "5800",
            "caller": "0x7ff729a99c51",
            "parentcaller": "0x7ff729a9bdac",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\Windows.ApplicationModel"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc19ae0000"
              }
            ],
            "repeated": 0,
            "id": 10645
          },
          {
            "timestamp": "2026-05-28 21:44:24,229",
            "thread_id": "11620",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2c56ef53",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000690"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 10646
          },
          {
            "timestamp": "2026-05-28 21:44:24,229",
            "thread_id": "13188",
            "caller": "0x7ff7299e3b91",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10647
          },
          {
            "timestamp": "2026-05-28 21:44:24,229",
            "thread_id": "13188",
            "caller": "0x7ff7299e3b91",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000410"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10648
          },
          {
            "timestamp": "2026-05-28 21:44:24,229",
            "thread_id": "11620",
            "caller": "0x7ffc2b480e98",
            "parentcaller": "0x7ffc2b4fb785",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00010524"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 10649
          },
          {
            "timestamp": "2026-05-28 21:44:24,275",
            "thread_id": "10832",
            "caller": "0x7ff7299f05ac",
            "parentcaller": "0x7ff7299edc11",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001400",
                "pretty_value": "PROCESS_QUERY_INFORMATION|PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "760"
              },
              {
                "name": "ProcessName",
                "value": "C:\\Windows\\System32\\svchost.exe"
              }
            ],
            "repeated": 0,
            "id": 10650
          },
          {
            "timestamp": "2026-05-28 21:44:24,275",
            "thread_id": "10832",
            "caller": "0x7ff7299f068f",
            "parentcaller": "0x7ff7299edc11",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 10651
          },
          {
            "timestamp": "2026-05-28 21:44:24,275",
            "thread_id": "10832",
            "caller": "0x7ff7299f45b1",
            "parentcaller": "0x7ff7299f3e56",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "760"
              },
              {
                "name": "ProcessName",
                "value": "C:\\Windows\\System32\\svchost.exe"
              }
            ],
            "repeated": 0,
            "id": 10652
          },
          {
            "timestamp": "2026-05-28 21:44:24,275",
            "thread_id": "10832",
            "caller": "0x7ff7299f3ebb",
            "parentcaller": "0x7ff7299f2d53",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 10653
          },
          {
            "timestamp": "2026-05-28 21:44:24,275",
            "thread_id": "10832",
            "caller": "0x7ff7299f45b1",
            "parentcaller": "0x7ff7299f3ffc",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "760"
              },
              {
                "name": "ProcessName",
                "value": "C:\\Windows\\System32\\svchost.exe"
              }
            ],
            "repeated": 0,
            "id": 10654
          },
          {
            "timestamp": "2026-05-28 21:44:24,275",
            "thread_id": "10832",
            "caller": "0x7ff7299f4224",
            "parentcaller": "0x7ff7299f2da5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 10655
          },
          {
            "timestamp": "2026-05-28 21:44:24,275",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\svchost.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10656
          },
          {
            "timestamp": "2026-05-28 21:44:24,275",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              }
            ],
            "repeated": 0,
            "id": 10657
          },
          {
            "timestamp": "2026-05-28 21:44:24,275",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\svchost.exe.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 10658
          },
          {
            "timestamp": "2026-05-28 21:44:24,275",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000005cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\svchost.exe.mui"
              }
            ],
            "repeated": 0,
            "id": 10659
          },
          {
            "timestamp": "2026-05-28 21:44:24,275",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e40000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed1947cdf0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10660
          },
          {
            "timestamp": "2026-05-28 21:44:24,275",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d0"
              }
            ],
            "repeated": 0,
            "id": 10661
          },
          {
            "timestamp": "2026-05-28 21:44:24,275",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 10662
          },
          {
            "timestamp": "2026-05-28 21:44:24,275",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 10663
          },
          {
            "timestamp": "2026-05-28 21:44:24,275",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              }
            ],
            "repeated": 0,
            "id": 10664
          },
          {
            "timestamp": "2026-05-28 21:44:24,275",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e30002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\svchost.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10665
          },
          {
            "timestamp": "2026-05-28 21:44:24,275",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              }
            ],
            "repeated": 0,
            "id": 10666
          },
          {
            "timestamp": "2026-05-28 21:44:24,275",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\svchost.exe.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 10667
          },
          {
            "timestamp": "2026-05-28 21:44:24,275",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000005cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\svchost.exe.mui"
              }
            ],
            "repeated": 0,
            "id": 10668
          },
          {
            "timestamp": "2026-05-28 21:44:24,275",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e40000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed1947cde0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10669
          },
          {
            "timestamp": "2026-05-28 21:44:24,275",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d0"
              }
            ],
            "repeated": 0,
            "id": 10670
          },
          {
            "timestamp": "2026-05-28 21:44:24,275",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 10671
          },
          {
            "timestamp": "2026-05-28 21:44:24,275",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 10672
          },
          {
            "timestamp": "2026-05-28 21:44:24,275",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              }
            ],
            "repeated": 0,
            "id": 10673
          },
          {
            "timestamp": "2026-05-28 21:44:24,369",
            "thread_id": "5800",
            "caller": "0x7ff729a99c51",
            "parentcaller": "0x7ff729a9bdac",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Windows.ApplicationModel.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc19ae0000"
              }
            ],
            "repeated": 0,
            "id": 10674
          },
          {
            "timestamp": "2026-05-28 21:44:24,369",
            "thread_id": "5800",
            "caller": "0x7ff729a99c51",
            "parentcaller": "0x7ff729a9bdac",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc19ae0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\Windows.ApplicationModel.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 10675
          },
          {
            "timestamp": "2026-05-28 21:44:24,369",
            "thread_id": "5800",
            "caller": "0x7ff729a99c51",
            "parentcaller": "0x7ff729a9bdac",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.ApplicationModel.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc19ae0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc19aefa40"
              }
            ],
            "repeated": 0,
            "id": 10676
          },
          {
            "timestamp": "2026-05-28 21:44:24,369",
            "thread_id": "5800",
            "caller": "0x7ff729a99c51",
            "parentcaller": "0x7ff729a9bdac",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.ApplicationModel.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc19ae0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc19aee870"
              }
            ],
            "repeated": 0,
            "id": 10677
          },
          {
            "timestamp": "2026-05-28 21:44:24,369",
            "thread_id": "5800",
            "caller": "0x7ff729a99c51",
            "parentcaller": "0x7ff729a9bdac",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.ApplicationModel.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc19ae0000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc19aef430"
              }
            ],
            "repeated": 0,
            "id": 10678
          },
          {
            "timestamp": "2026-05-28 21:44:24,369",
            "thread_id": "5800",
            "caller": "0x7ff729a99c51",
            "parentcaller": "0x7ff729a9bdac",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc19bbf000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.ApplicationModel.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10679
          },
          {
            "timestamp": "2026-05-28 21:44:24,369",
            "thread_id": "5800",
            "caller": "0x7ff729a99c51",
            "parentcaller": "0x7ff729a9bdac",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc19bbf000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.ApplicationModel.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10680
          },
          {
            "timestamp": "2026-05-28 21:44:24,369",
            "thread_id": "5800",
            "caller": "0x7ff729a99c51",
            "parentcaller": "0x7ff729a9bdac",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc19bbf000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.ApplicationModel.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10681
          },
          {
            "timestamp": "2026-05-28 21:44:24,369",
            "thread_id": "5800",
            "caller": "0x7ff729a99c51",
            "parentcaller": "0x7ff729a9bdac",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc19bbf000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.ApplicationModel.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10682
          },
          {
            "timestamp": "2026-05-28 21:44:24,369",
            "thread_id": "5800",
            "caller": "0x7ff729a99c51",
            "parentcaller": "0x7ff729a9bdac",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10683
          },
          {
            "timestamp": "2026-05-28 21:44:24,369",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000a"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 10684
          },
          {
            "timestamp": "2026-05-28 21:44:24,369",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 10685
          },
          {
            "timestamp": "2026-05-28 21:44:24,369",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "0x80000000"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\SecurityManager\\AdminCapabilities"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SecurityManager\\AdminCapabilities"
              }
            ],
            "repeated": 0,
            "id": 10686
          },
          {
            "timestamp": "2026-05-28 21:44:24,369",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c0"
              },
              {
                "name": "ValueName",
                "value": "automatedAppLaunch"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\AdminCapabilities\\automatedAppLaunch"
              }
            ],
            "repeated": 0,
            "id": 10687
          },
          {
            "timestamp": "2026-05-28 21:44:24,369",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xf5o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00 \\x02\\x00\\x00\\xcc\\xabE\\x83K\\x87\\x085\\xde\\x03\\x85\\x97Bd\\x958\\x98\\x1cd{b\\xa4\\xe7M\\xfeUia\\x00\\x00\\x18\\x00\\x01\\x00\\x00\\x00\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10688
          },
          {
            "timestamp": "2026-05-28 21:44:24,369",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 10689
          },
          {
            "timestamp": "2026-05-28 21:44:24,369",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              }
            ],
            "repeated": 0,
            "id": 10690
          },
          {
            "timestamp": "2026-05-28 21:44:24,369",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000a"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006c4"
              }
            ],
            "repeated": 0,
            "id": 10691
          },
          {
            "timestamp": "2026-05-28 21:44:24,369",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              }
            ],
            "repeated": 0,
            "id": 10692
          },
          {
            "timestamp": "2026-05-28 21:44:24,369",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "0x80000000"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\SecurityManager\\AdminCapabilities"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SecurityManager\\AdminCapabilities"
              }
            ],
            "repeated": 0,
            "id": 10693
          },
          {
            "timestamp": "2026-05-28 21:44:24,369",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "automatedAppLaunch"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\AdminCapabilities\\automatedAppLaunch"
              }
            ],
            "repeated": 0,
            "id": 10694
          },
          {
            "timestamp": "2026-05-28 21:44:24,369",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xf5o\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00 \\x02\\x00\\x00\\xcc\\xabE\\x83K\\x87\\x085\\xde\\x03\\x85\\x97Bd\\x958\\x98\\x1cd{b\\xa4\\xe7M\\xfeUia\\x00\\x00\\x18\\x00\\x01\\x00\\x00\\x00\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10695
          },
          {
            "timestamp": "2026-05-28 21:44:24,369",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              }
            ],
            "repeated": 0,
            "id": 10696
          },
          {
            "timestamp": "2026-05-28 21:44:24,369",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 10697
          },
          {
            "timestamp": "2026-05-28 21:44:24,369",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000034B-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "0000015B-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10698
          },
          {
            "timestamp": "2026-05-28 21:44:24,369",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000006c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 10699
          },
          {
            "timestamp": "2026-05-28 21:44:24,369",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000006c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006c4"
              }
            ],
            "repeated": 0,
            "id": 10700
          },
          {
            "timestamp": "2026-05-28 21:44:24,369",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10701
          },
          {
            "timestamp": "2026-05-28 21:44:24,369",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              }
            ],
            "repeated": 0,
            "id": 10702
          },
          {
            "timestamp": "2026-05-28 21:44:24,369",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c0"
              }
            ],
            "repeated": 0,
            "id": 10703
          },
          {
            "timestamp": "2026-05-28 21:44:24,369",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xea\\x18\\xed\\x00\\x00\\x00\\xc47\\x00\\x00\\x00\\x00\\x00\\x00\\xa8\\x16\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5800"
              }
            ],
            "repeated": 0,
            "id": 10704
          },
          {
            "timestamp": "2026-05-28 21:44:24,369",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000006c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ffc2b1653d0"
              },
              {
                "name": "Parameter",
                "value": "0x2679345b170"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "6000"
              },
              {
                "name": "ProcessId",
                "value": "14276"
              },
              {
                "name": "Module",
                "value": "SHCORE.DLL"
              }
            ],
            "repeated": 0,
            "id": 10705
          },
          {
            "timestamp": "2026-05-28 21:44:24,369",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x000006c8",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ffc2b1653d0"
              },
              {
                "name": "Parameter",
                "value": "0x2679345b170"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "6000"
              },
              {
                "name": "ProcessId",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 10706
          },
          {
            "timestamp": "2026-05-28 21:44:24,369",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000006c8"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "6000"
              },
              {
                "name": "ProcessId",
                "value": "14276"
              }
            ],
            "repeated": 0,
            "id": 10707
          },
          {
            "timestamp": "2026-05-28 21:44:24,369",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c8"
              }
            ],
            "repeated": 0,
            "id": 10708
          },
          {
            "timestamp": "2026-05-28 21:44:24,369",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 10709
          },
          {
            "timestamp": "2026-05-28 21:44:24,400",
            "thread_id": "6000",
            "caller": "0x7ffc2d16507d",
            "parentcaller": "0x7ffc2d164c43",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10710
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ffc2b1653d0"
              },
              {
                "name": "Parameter",
                "value": "0x2679345b170"
              }
            ],
            "repeated": 0,
            "id": 10711
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2d0fe715",
            "parentcaller": "0x7ffc2d0fe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2679383c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10712
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              }
            ],
            "repeated": 0,
            "id": 10713
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc19bbf000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.ApplicationModel.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10714
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc19bbf000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.ApplicationModel.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10715
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Foundation.Diagnostics.AsyncCausalityTracer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer"
              }
            ],
            "repeated": 0,
            "id": 10716
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c4"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff97\\xfffc\\xffe7\\xffe6\\xfff8\\xffee\\xffdc\\x01\\x00\\x00\\x00\\x00f\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00F\\x00o\\x00u\\x00n\\x00d\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00D\\x00i\\x00a\\x00g\\x00n\\x00o\\x00s\\x00t\\x00i\\x00c\\x00s\\x00.\\x00A\\x00s\\x00y\\x00n\\x00c\\x00C\\x00a\\x00u\\x00s\\x00a\\x00l\\x00i\\x00t\\x00y\\x00T\\x00r\\x00a\\x00c\\x00e\\x00r\\x00\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff8e\\xff8dg\\x02\\x00\\x00\t\\xffedo\\x19\\xffed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\x14\\xff83\\xff8dg\\x02\\x00\\x00\\x00\\x00\\xff83\\xff8dg\\x02\\x00\\x00\\x00\\x00\\xff83\\xff8dg\\x02\\x00\\x00\\xffc4\\x02\\xff83\\xff8dg\\x02\\x00\\x00\\x00\\x00\\x00\\x00g\\x02\\x00\\x00\\xff90\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\x0c\\xff83\\xff8dg\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0Ep+\\xfffc\\x7f\\x00\\x00\\xfff8o|\\xff93g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xffedo\\x19\\xffed\\x00\\x00\\x00\\xff87\\xff9dD+\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00g\\x02\\x00\\x00\\xffb0n|\\xff93g\\x02\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0o|\\xff93g\\x02\\x00\\x00\\xffb0n|\\xff93g\\x02\\x00\\x0007~\\xff93g\\x02\\x00\\x00\\xffc7\\xffb3\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\xff83\\xff8dg\\x02\\x00\\x00\\xfff6sD+\\xfffc\\x7f\\x00\\x00\\xff90\\xfff7\\xff82\\xff93g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff07~\\xff93g\\x02\\x00\\x00\\xffd0\\xffbb\\xff81\\xff93g\\x02\\x00\\x00\\xffd0\\xffbb\\xff81\\xff93g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0n|\\xff93g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\
\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\xff8fg\\x02\\x00\\x00\\x00\\x00\\x00\\x00g\\x02\\x00\\x006\\xff8cO+\\xfffc\\x7f\\x00\\x00\\x10\\xffa8\\xff81\\xff93g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffeeo\\x19\\xffed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\xffeeo\\x19\\xffed\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10717
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 10718
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Server"
              }
            ],
            "repeated": 0,
            "id": 10719
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\combase.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 10720
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Threading"
              }
            ],
            "repeated": 0,
            "id": 10721
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 10722
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006c4"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 10723
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 10724
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 10725
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 10726
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 10727
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 10728
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 10729
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              }
            ],
            "repeated": 0,
            "id": 10730
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\combase.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b400000"
              }
            ],
            "repeated": 0,
            "id": 10731
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc2b400000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\combase.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 10732
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2b400000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2b4b58a0"
              }
            ],
            "repeated": 0,
            "id": 10733
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2b400000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc2b4df090"
              }
            ],
            "repeated": 0,
            "id": 10734
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc2b400000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 10735
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "5800",
            "caller": "0x7ff729a99cb5",
            "parentcaller": "0x7ff729a9bdac",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10736
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "5800",
            "caller": "0x7ff729a988f1",
            "parentcaller": "0x7ff729a99ce4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc19bbf000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.ApplicationModel.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10737
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "5800",
            "caller": "0x7ff729a988f1",
            "parentcaller": "0x7ff729a99ce4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc19bbf000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.ApplicationModel.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10738
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "5800",
            "caller": "0x7ff729a98932",
            "parentcaller": "0x7ff729a99ce4",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 10739
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2adbebae",
            "parentcaller": "0x7ffc2b1984de",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\\xea\\x18\\xed\\x00\\x00\\x00\\xc47\\x00\\x00\\x00\\x00\\x00\\x00p\\x17\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "6000"
              }
            ],
            "repeated": 0,
            "id": 10740
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2b4bdd9d",
            "parentcaller": "0x7ffc2b457428",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Internal.StateRepository.ApplicationExtension"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.ApplicationExtension"
              }
            ],
            "repeated": 0,
            "id": 10741
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2b4bddf7",
            "parentcaller": "0x7ffc2b457428",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006c8"
              },
              {
                "name": "KeyInformation",
                "value": "y\\x1f\\x10\\xffd4\\xffde\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00j\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00I\\x00n\\x00t\\x00e\\x00r\\x00n\\x00a\\x00l\\x00.\\x00S\\x00t\\x00a\\x00t\\x00e\\x00R\\x00e\\x00p\\x00o\\x00s\\x00i\\x00t\\x00o\\x00r\\x00y\\x00.\\x00A\\x00p\\x00p\\x00l\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00E\\x00x\\x00t\\x00e\\x00n\\x00s\\x00i\\x00o\\x00n\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff8e\\xff8dg\\x02\\x00\\x00Y\\xffec\\xff87\\x19\\xffed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\x14\\xff83\\xff8dg\\x02\\x00\\x00\\x00\\x00\\xff83\\xff8dg\\x02\\x00\\x00\\x00\\x00\\xff83\\xff8dg\\x02\\x00\\x00\\xffc4\\x02\\xff83\\xff8dg\\x02\\x00\\x00\\x00\\x00\\x00\\x00g\\x02\\x00\\x00\\xff90\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\x0c\\xff83\\xff8dg\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0Ep+\\xfffc\\x7f\\x00\\x00H\\xff80|\\xff93g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xffed\\xff87\\x19\\xffed\\x00\\x00\\x00\\xff87\\xff9dD+\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00g\\x02\\x00\\x00\\xffa0\\xffcb\\xff83\\xff93g\\x02\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 
\\xff80|\\xff93g\\x02\\x00\\x00\\xffa0\\xffcb\\xff83\\xff93g\\x02\\x00\\x00\\xfff09~\\xff93g\\x02\\x00\\x00\\xffc7\\xffb3\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\xff83\\xff8dg\\x02\\x00\\x00\\xfff6sD+\\xfffc\\x7f\\x00\\x00\\x10\\xfffc\\xff82\\xff93g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xfff09~\\xff93g\\x02\\x00\\x00\\xffe0\\xffc5\\xff81\\xff93g\\x02\\x00\\x00\\xffe0\\xffc5\\xff81\\xff93g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xffcb\\xff83\\xff93g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00g\\x02\\x00\\x006\\xff8cO+\\xfffc\\x7f\\x00\\x00\\xff80\\xffa1\\xff81\\xff93g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xffee\\xff87\\x19\\xffed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xffee\\xff87\\x19\\xffed\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10742
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.ApplicationExtension\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 10743
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4c8ff0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "Data",
                "value": "StateRepository"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.ApplicationExtension\\Server"
              }
            ],
            "repeated": 0,
            "id": 10744
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4d00bb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.ApplicationExtension\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 10745
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.ApplicationExtension\\Threading"
              }
            ],
            "repeated": 0,
            "id": 10746
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.ApplicationExtension\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 10747
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2b41c0fc",
            "parentcaller": "0x7ffc2b4b4170",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006c8"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.ApplicationExtension\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 10748
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4c8ff0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.ApplicationExtension\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 10749
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.ApplicationExtension\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 10750
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.ApplicationExtension\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 10751
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.ApplicationExtension\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 10752
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4c2222",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.ApplicationExtension\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 10753
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c8"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.ApplicationExtension\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 10754
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2b4574a2",
            "parentcaller": "0x7ffc2b4567e6",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Server"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server"
              }
            ],
            "repeated": 0,
            "id": 10755
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2b4bdd9d",
            "parentcaller": "0x7ffc2b457428",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "StateRepository"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository"
              }
            ],
            "repeated": 0,
            "id": 10756
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2b4bddf7",
            "parentcaller": "0x7ffc2b457428",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006dc"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffcek|\\xffd3\\xffde\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00S\\x00t\\x00a\\x00t\\x00e\\x00R\\x00e\\x00p\\x00o\\x00s\\x00i\\x00t\\x00o\\x00r\\x00y\\x00\\x00\\x00T\\xffa0\\xff87\\xff8fg\\x02\\x00\\x00\\xff90\\xffc7q\\x14\\xfffc\\x7f\\x00\\x00\\xffa2tE+\\xfffc\\x7f\\x00\\x00\\xffd9LB\\x14\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc7\\xffb3\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\xff83\\xff8dg\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\x14\\xff83\\xff8dg\\x02\\x00\\x00\\x1f/m:\\xff97\\xffb6\\x00\\x00\\x00\\x00\\xff83\\xff8dg\\x02\\x00\\x00\\xff87\\x00U\\xffed\\xfffb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\x00U\\xffed\\xfffb\\x7f\\x00\\x00\\xffe8\\xffe8\\xff87\\x19\\xffed\\x00\\x00\\x00\\xffef(m:\\xff97\\xffb6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00<\\xffa7\\xff81\\xff93g\\x02\\x00\\x00(\\xff95\\xff91\\xff8dg\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\xffb0\\xff9a\\xff81\\xff93g\\x02\\x00\\x000\\xffe9\\xff87\\x19\\xffed\\x00\\x00\\x00\\xffe4ID\\x14\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd4\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xffb9\\x00U\\xffed\\xfffb\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff9d\\xffd0f\\x14\\xfffc\\x7f\\x00\\x00\\xffb8\\xffcff\\x14\\xfffc\\x7f\\x00\\x00\\xffb0\\xff9a\\xff81\\xff93g\\x02\\x00\\x00\\xfff8\\xff81f\\x14\\xfffc\\x7f\\x00\\x00\\x19\\x01\\x02\\x00g\\x02\\x00\\x00h\\xffd0f\\x14\\xfffc\\x7f\\x00\\x00\\xffd4\\x03\\x00\\x00\\x00\\x00\\x00\\x00P\\xffd0f\\x14\\xfffc\\x7f\\x00\\x00 
\\xffe9\\xff87\\x19\\xffed\\x00\\x00\\x00\\xff98\\xff85f\\x14\\xfffc\\x7f\\x00\\x000\\xffe9\\xff87\\x19\\xffed\\x00\\x00\\x00\\xffb08~\\xff93g\\x02\\x00\\x00\\xffb0tE+\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00g\\x02\\x00\\x000\\xffeb\\xff87\\x19\\xffed\\x00\\x00\\x00\\xffb0\\xff9a\\xff81\\xff93g\\x02\\x00\\x00\\xffa0\\xffa4\\xff81\\xff93g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0c\\x00\\x0e\\x00\\x00\\x00\\x00\\x00\\xffcc8~\\xff93g\\x02\\x00\\x000\\x00\\x00\\x00g\\x02\\x00\\x00\\xffd4\\x03\\x00\\x00\\x00\\x00\\x00\\x00 \\xffe9\\xff87\\x19\\xffed\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xff9a\\xff81\\xff93g\\x02\\x00\\x00\\x19hE+\\xfffc\\x7f\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10757
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4d00bb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006dc"
              },
              {
                "name": "ValueName",
                "value": "ExePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExePath"
              }
            ],
            "repeated": 0,
            "id": 10758
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4d00bb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006dc"
              },
              {
                "name": "ValueName",
                "value": "CommandLine"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\CommandLine"
              }
            ],
            "repeated": 0,
            "id": 10759
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006dc"
              },
              {
                "name": "ValueName",
                "value": "IdentityType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\IdentityType"
              }
            ],
            "repeated": 0,
            "id": 10760
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4c2222",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x000000ea",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006dc"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Type",
                "value": "0x7ffc00000003"
              },
              {
                "name": "DataLength",
                "value": "184"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 10761
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4c2222",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006dc"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Data",
                "value": "\\x01\\x00\\x14\\x80\\x9c\\x00\\x00\\x00\\xa8\\x00\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00l\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x1f\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x1f\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x008\\x00\\x1f\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00!\\x02\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 10762
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4d9d80",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006dc"
              },
              {
                "name": "ValueName",
                "value": "ActivatableClasses"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ActivatableClasses"
              }
            ],
            "repeated": 0,
            "id": 10763
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006dc"
              },
              {
                "name": "ValueName",
                "value": "ServerType"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServerType"
              }
            ],
            "repeated": 0,
            "id": 10764
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4c8ff0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006dc"
              },
              {
                "name": "ValueName",
                "value": "AppId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\AppId"
              }
            ],
            "repeated": 0,
            "id": 10765
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4c8ff0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006dc"
              },
              {
                "name": "ValueName",
                "value": "Identity"
              },
              {
                "name": "Data",
                "value": "nt authority\\system"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Identity"
              }
            ],
            "repeated": 0,
            "id": 10766
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4c8ff0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006dc"
              },
              {
                "name": "ValueName",
                "value": "ServiceName"
              },
              {
                "name": "Data",
                "value": "StateRepository"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServiceName"
              }
            ],
            "repeated": 0,
            "id": 10767
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006dc"
              },
              {
                "name": "ValueName",
                "value": "ExplicitPsmActivationType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExplicitPsmActivationType"
              }
            ],
            "repeated": 0,
            "id": 10768
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2b41c0fc",
            "parentcaller": "0x7ffc2b4b4170",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006dc"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 10769
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2b4b7226",
            "parentcaller": "0x7ffc2b4bca23",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006dc"
              }
            ],
            "repeated": 0,
            "id": 10770
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2b4b7226",
            "parentcaller": "0x7ffc2b4bca23",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c8"
              }
            ],
            "repeated": 0,
            "id": 10771
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2c56ef53",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006e0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 10772
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2d0fe715",
            "parentcaller": "0x7ffc2d0fe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x2679383f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10773
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2d0fe715",
            "parentcaller": "0x7ffc2d0fe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793840000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10774
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2d0fe715",
            "parentcaller": "0x7ffc2d0fe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793841000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10775
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2adb6f4c",
            "parentcaller": "0x7ffc2b426d2f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006e8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 10776
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10777
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2b4322bf",
            "parentcaller": "0x7ffc2b4afbe4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002e6"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{B94B62A2-4012-4B7E-A395-F21CC665FD12}"
              },
              {
                "name": "Handle",
                "value": "0x000006ee"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{B94B62A2-4012-4B7E-A395-F21CC665FD12}"
              }
            ],
            "repeated": 0,
            "id": 10778
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2b4afa51",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006ee"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000006f2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{b94b62a2-4012-4b7e-a395-f21cc665fd12}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 10779
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2b4afa8c",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{b94b62a2-4012-4b7e-a395-f21cc665fd12}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 10780
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2b4afad3",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f2"
              }
            ],
            "repeated": 0,
            "id": 10781
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2b4afae4",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ee"
              }
            ],
            "repeated": 0,
            "id": 10782
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2b437b74",
            "parentcaller": "0x7ffc2b4353d4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002ce"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "Handle",
                "value": "0x000006ee"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 10783
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad845a7",
            "parentcaller": "0x7ffc2ad80705",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ee"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 10784
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ee"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10785
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2d126c8b",
            "parentcaller": "0x7ffc2ad823a0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xc4\\x87\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00\\xee\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xed\\x00\\x00\\x00\\xf0\\xc5\\x87\\x19\\xed\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10786
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 10787
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad825c4",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ee"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10788
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad825e2",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006ee"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 10789
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2b4c22e1",
            "parentcaller": "0x7ffc2b437c1d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ee"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 10790
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4381f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ee"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 10791
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b43870d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ee"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 10792
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4387bc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ee"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 10793
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2b438485",
            "parentcaller": "0x7ffc2b43829e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006ee"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000006f2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 10794
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b43870d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f2"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 10795
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b43870d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 10796
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4387bc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\\\Windows.StateRepositoryPS.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 10797
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b438d32",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f2"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 10798
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2b43855f",
            "parentcaller": "0x7ffc2b43829e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f2"
              }
            ],
            "repeated": 0,
            "id": 10799
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad845a7",
            "parentcaller": "0x7ffc2ad80705",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ee"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 10800
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ee"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10801
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2d126c8b",
            "parentcaller": "0x7ffc2ad823a0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xc3\\x87\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00\\xee\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xed\\x00\\x00\\x00\\x80\\xc4\\x87\\x19\\xed\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10802
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 10803
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad825c4",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ee"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10804
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad825e2",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006ee"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 10805
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad845a7",
            "parentcaller": "0x7ffc2ad80705",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ee"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 10806
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ee"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10807
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2d126c8b",
            "parentcaller": "0x7ffc2ad823a0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xc3\\x87\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00\\xee\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xed\\x00\\x00\\x00\\x80\\xc4\\x87\\x19\\xed\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10808
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 10809
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad825c4",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ee"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10810
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad825e2",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006ee"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 10811
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2b438010",
            "parentcaller": "0x7ffc2b4353d4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ee"
              }
            ],
            "repeated": 0,
            "id": 10812
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10813
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10814
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2b437b74",
            "parentcaller": "0x7ffc2b4353d4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002ce"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "Handle",
                "value": "0x000006ee"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 10815
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad845a7",
            "parentcaller": "0x7ffc2ad80705",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ee"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 10816
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ee"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10817
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2d126c8b",
            "parentcaller": "0x7ffc2ad823a0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xc1\\x87\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00\\xee\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xed\\x00\\x00\\x00\\xb0\\xc2\\x87\\x19\\xed\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10818
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 10819
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad825c4",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ee"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10820
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad825e2",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006ee"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 10821
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2b4c22e1",
            "parentcaller": "0x7ffc2b437c1d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ee"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 10822
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4381f5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ee"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 10823
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b43870d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ee"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 10824
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4387bc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ee"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 10825
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2b438485",
            "parentcaller": "0x7ffc2b43829e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006ee"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000006f2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 10826
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b43870d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f2"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 10827
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b43870d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 10828
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4387bc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\\\Windows.StateRepositoryPS.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 10829
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b438d32",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f2"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 10830
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2b43855f",
            "parentcaller": "0x7ffc2b43829e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f2"
              }
            ],
            "repeated": 0,
            "id": 10831
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad845a7",
            "parentcaller": "0x7ffc2ad80705",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ee"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 10832
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ee"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10833
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2d126c8b",
            "parentcaller": "0x7ffc2ad823a0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xc0\\x87\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00\\xee\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xed\\x00\\x00\\x00@\\xc1\\x87\\x19\\xed\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10834
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 10835
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad825c4",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ee"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10836
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad825e2",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006ee"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 10837
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad845a7",
            "parentcaller": "0x7ffc2ad80705",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ee"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 10838
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ee"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10839
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2d126c8b",
            "parentcaller": "0x7ffc2ad823a0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xc0\\x87\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00\\xee\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xed\\x00\\x00\\x00@\\xc1\\x87\\x19\\xed\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10840
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 10841
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad825c4",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ee"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10842
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad825e2",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006ee"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 10843
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2b43ab08",
            "parentcaller": "0x7ffc2b43a7d9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006ee"
              },
              {
                "name": "SubKey",
                "value": "LocalServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 10844
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b43a825",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ee"
              },
              {
                "name": "ValueName",
                "value": "AppID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\AppID"
              }
            ],
            "repeated": 0,
            "id": 10845
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad845a7",
            "parentcaller": "0x7ffc2ad80705",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ee"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 10846
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad82314",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ee"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10847
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2d126c8b",
            "parentcaller": "0x7ffc2ad823a0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xbf\\x87\\x19\\xed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xd8W\\x8d\\xec'\\xfaX\\xbf\\x88\\x1c\\x8b2\\xe9\\x03\\x00\\x00\\xfc\\x7f\\x00\\x00\\xb8\\xcff\\x14\\xfc\\x7f\\x00\\x00\\xee\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xd2f\\x14\\xfc\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\xed\\x00\\x00\\x00\\x80\\xc0\\x87\\x19\\xed\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10848
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad824a8",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3968686040-3210279463-847977608-1001_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 10849
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad840c4",
            "parentcaller": "0x7ffc2ad825c4",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ee"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 10850
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad825e2",
            "parentcaller": "0x7ffc2ad80732",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006ee"
              },
              {
                "name": "ObjectAttributesName",
                "value": "LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 10851
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2b43ad16",
            "parentcaller": "0x7ffc2b4383b8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002ce"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "Handle",
                "value": "0x000006f2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 10852
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2b43ad4d",
            "parentcaller": "0x7ffc2b4383b8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006f2"
              },
              {
                "name": "SubKey",
                "value": "Elevation"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\Elevation"
              }
            ],
            "repeated": 0,
            "id": 10853
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2b43adb1",
            "parentcaller": "0x7ffc2b4383b8",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f2"
              }
            ],
            "repeated": 0,
            "id": 10854
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2b438010",
            "parentcaller": "0x7ffc2b4353d4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ee"
              }
            ],
            "repeated": 0,
            "id": 10855
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2b4322bf",
            "parentcaller": "0x7ffc2b4325e9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002e6"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "Handle",
                "value": "0x000006ee"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 10856
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2b4af8f8",
            "parentcaller": "0x7ffc2b43213b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006ee"
              },
              {
                "name": "SubKey",
                "value": "TreatAs"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 10857
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2b432160",
            "parentcaller": "0x7ffc2b429277",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ee"
              }
            ],
            "repeated": 0,
            "id": 10858
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10859
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10860
          },
          {
            "timestamp": "2026-05-28 21:44:24,416",
            "thread_id": "6000",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc2b456b6d",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\Windows.StateRepositoryPS"
              },
              {
                "name": "DllBase",
                "value": "0x7ffc1beb0000"
              }
            ],
            "repeated": 0,
            "id": 10861
          },
          {
            "timestamp": "2026-05-28 21:44:24,557",
            "thread_id": "10832",
            "caller": "0x7ff7299f45b1",
            "parentcaller": "0x7ff7299f38f8",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001410",
                "pretty_value": "PROCESS_VM_READ|PROCESS_QUERY_INFORMATION|PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "760"
              },
              {
                "name": "ProcessName",
                "value": "C:\\Windows\\System32\\svchost.exe"
              }
            ],
            "repeated": 0,
            "id": 10862
          },
          {
            "timestamp": "2026-05-28 21:44:24,557",
            "thread_id": "10832",
            "caller": "0x7ff7299f53e5",
            "parentcaller": "0x7ff7299f3945",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "BaseAddress",
                "value": "0x946ef22000"
              },
              {
                "name": "Size",
                "value": "0x000007c8"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\x00W\\xb7\\xf7\\x7f\\x00\\x00\\xc0\\xc4%-\\xfc\\x7f\\x00\\x00p2@L\\x96\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'L\\x96\\x01\\x00\\x00\\xe0\\xc0%-\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\x00\\x85,\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"L\\x96\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xc4%-\\xfc\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\x0f\\x00\\x00\\x00\\x00\\x00\\x01\\xb8\\xf4}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x07\\x01\\xb8\\xf4}\\x00\\x00\\x00\\x00\\x15\\xba\\xf5}\\x00\\x00(\\x02\\x16\\xba\\xf5}\\x00\\x00P\\x06\\x17\\xba\\xf5}\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x9b\\x07m\\xe8\\xff\\xff\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x10\\x00\\x00\\x00@\\xad%-\\xfc\\x7f\\x00\\x00\\x00\\x00\\xa0L\\x96\\x01\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10863
          },
          {
            "timestamp": "2026-05-28 21:44:24,557",
            "thread_id": "10832",
            "caller": "0x7ff7299f5414",
            "parentcaller": "0x7ff7299f3945",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "BaseAddress",
                "value": "0x1964c403270"
              },
              {
                "name": "Size",
                "value": "0x00000440"
              },
              {
                "name": "Buffer",
                "value": ".\\x07\\x00\\x00.\\x07\\x00\\x00\\x01 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\x00\\x08\\x02\\x00\\x00\\x00\\x00\\x10>@L\\x96\\x01\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00>\\x00@\\x00\\x00\\x00\\x00\\x00\\xb88@L\\x96\\x01\\x00\\x00`\\x00b\\x00\\x00\\x00\\x00\\x00\\xf88@L\\x96\\x01\\x00\\x00\\xf0'@L\\x96\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00>\\x00@\\x00\\x00\\x00\\x00\\x00Z9@L\\x96\\x01\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x9a9@L\\x96\\x01\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x9c9@L\\x96\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10864
          },
          {
            "timestamp": "2026-05-28 21:44:24,557",
            "thread_id": "10832",
            "caller": "0x7ff7299f545d",
            "parentcaller": "0x7ff7299f3945",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "BaseAddress",
                "value": "0x1964c4038f8"
              },
              {
                "name": "Size",
                "value": "0x00000060"
              },
              {
                "name": "Buffer",
                "value": "C\\x00:\\x00\\\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00s\\x00v\\x00c\\x00h\\x00o\\x00s\\x00t\\x00.\\x00e\\x00x\\x00e\\x00 \\x00-\\x00k\\x00 \\x00D\\x00c\\x00o\\x00m\\x00L\\x00a\\x00u\\x00n\\x00c\\x00h\\x00 \\x00-\\x00p\\x00"
              }
            ],
            "repeated": 0,
            "id": 10865
          },
          {
            "timestamp": "2026-05-28 21:44:24,557",
            "thread_id": "10832",
            "caller": "0x7ff7299f39ad",
            "parentcaller": "0x7ff7299f31bb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 10866
          },
          {
            "timestamp": "2026-05-28 21:44:24,557",
            "thread_id": "10832",
            "caller": "0x7ff7299f45b1",
            "parentcaller": "0x7ff7299f3746",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "760"
              },
              {
                "name": "ProcessName",
                "value": "C:\\Windows\\System32\\svchost.exe"
              }
            ],
            "repeated": 0,
            "id": 10867
          },
          {
            "timestamp": "2026-05-28 21:44:24,557",
            "thread_id": "10832",
            "caller": "0x7ff7299f472e",
            "parentcaller": "0x7ff7299f375e",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005d0"
              }
            ],
            "repeated": 0,
            "id": 10868
          },
          {
            "timestamp": "2026-05-28 21:44:24,557",
            "thread_id": "10832",
            "caller": "0x7ff7299f4764",
            "parentcaller": "0x7ff7299f375e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10869
          },
          {
            "timestamp": "2026-05-28 21:44:24,557",
            "thread_id": "10832",
            "caller": "0x7ff7299f47ed",
            "parentcaller": "0x7ff7299f375e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00p\\xe6\\x83\\x93g\\x02\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\x98\\xe6\\x83\\x93g\\x02\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\xe6\\x83\\x93g\\x02\\x00\\x00T\\x00S\\x00A\\x00:\\x00/\\x00/\\x00P\\x00r\\x00o\\x00c\\x00U\\x00n\\x00i\\x00q\\x00u\\x00e\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xafr\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10870
          },
          {
            "timestamp": "2026-05-28 21:44:24,557",
            "thread_id": "10832",
            "caller": "0x7ff7299f488d",
            "parentcaller": "0x7ff7299f375e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d0"
              }
            ],
            "repeated": 0,
            "id": 10871
          },
          {
            "timestamp": "2026-05-28 21:44:24,557",
            "thread_id": "10832",
            "caller": "0x7ff7299f3779",
            "parentcaller": "0x7ff7299f31c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 10872
          },
          {
            "timestamp": "2026-05-28 21:44:24,557",
            "thread_id": "10832",
            "caller": "0x7ff7299f0464",
            "parentcaller": "0x7ff7299edc11",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793842000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10873
          },
          {
            "timestamp": "2026-05-28 21:44:24,713",
            "thread_id": "6000",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc2b456b6d",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Windows.StateRepositoryPS.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc1beb0000"
              }
            ],
            "repeated": 0,
            "id": 10874
          },
          {
            "timestamp": "2026-05-28 21:44:24,713",
            "thread_id": "6000",
            "caller": "0x7ffc2ad856b2",
            "parentcaller": "0x7ffc2b456b6d",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffc1beb0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\\\Windows.StateRepositoryPS.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 10875
          },
          {
            "timestamp": "2026-05-28 21:44:24,713",
            "thread_id": "6000",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc2b456acf",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.StateRepositoryPS.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc1beb0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc1beb7340"
              }
            ],
            "repeated": 0,
            "id": 10876
          },
          {
            "timestamp": "2026-05-28 21:44:24,713",
            "thread_id": "6000",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc2b456ae8",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.StateRepositoryPS.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc1beb0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 10877
          },
          {
            "timestamp": "2026-05-28 21:44:24,713",
            "thread_id": "6000",
            "caller": "0x7ffc2ad8ac31",
            "parentcaller": "0x7ffc2b456b08",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.StateRepositoryPS.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffc1beb0000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffc1beb7380"
              }
            ],
            "repeated": 0,
            "id": 10878
          },
          {
            "timestamp": "2026-05-28 21:44:24,713",
            "thread_id": "6000",
            "caller": "0x7ffc2b4322bf",
            "parentcaller": "0x7ffc2b4afbe4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002e6"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}"
              },
              {
                "name": "Handle",
                "value": "0x000006ee"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}"
              }
            ],
            "repeated": 0,
            "id": 10879
          },
          {
            "timestamp": "2026-05-28 21:44:24,713",
            "thread_id": "6000",
            "caller": "0x7ffc2b4afa51",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006ee"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000006f2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 10880
          },
          {
            "timestamp": "2026-05-28 21:44:24,713",
            "thread_id": "6000",
            "caller": "0x7ffc2b4afa8c",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{00000320-0000-0000-C000-000000000046}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 10881
          },
          {
            "timestamp": "2026-05-28 21:44:24,713",
            "thread_id": "6000",
            "caller": "0x7ffc2b4afad3",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f2"
              }
            ],
            "repeated": 0,
            "id": 10882
          },
          {
            "timestamp": "2026-05-28 21:44:24,713",
            "thread_id": "6000",
            "caller": "0x7ffc2b4afae4",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ee"
              }
            ],
            "repeated": 0,
            "id": 10883
          },
          {
            "timestamp": "2026-05-28 21:44:24,713",
            "thread_id": "6000",
            "caller": "0x7ffc2b42cd6e",
            "parentcaller": "0x7ffc2b42c76f",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10884
          },
          {
            "timestamp": "2026-05-28 21:44:24,713",
            "thread_id": "6000",
            "caller": "0x7ffc2c581630",
            "parentcaller": "0x7ffc2c5812cd",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10885
          },
          {
            "timestamp": "2026-05-28 21:44:24,713",
            "thread_id": "6000",
            "caller": "0x7ffc2d133f7a",
            "parentcaller": "0x7ffc2c550ed7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10886
          },
          {
            "timestamp": "2026-05-28 21:44:24,713",
            "thread_id": "6000",
            "caller": "0x7ffc2b4322bf",
            "parentcaller": "0x7ffc2b4afbe4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002e6"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{6CB10ED7-4BCA-5561-B2E1-40E1197C1B0C}"
              },
              {
                "name": "Handle",
                "value": "0x000006f2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{6CB10ED7-4BCA-5561-B2E1-40E1197C1B0C}"
              }
            ],
            "repeated": 0,
            "id": 10887
          },
          {
            "timestamp": "2026-05-28 21:44:24,713",
            "thread_id": "6000",
            "caller": "0x7ffc2b4afa51",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006f2"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000006f6"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{6cb10ed7-4bca-5561-b2e1-40e1197c1b0c}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 10888
          },
          {
            "timestamp": "2026-05-28 21:44:24,713",
            "thread_id": "6000",
            "caller": "0x7ffc2b4afa8c",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{6cb10ed7-4bca-5561-b2e1-40e1197c1b0c}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 10889
          },
          {
            "timestamp": "2026-05-28 21:44:24,713",
            "thread_id": "6000",
            "caller": "0x7ffc2b4afad3",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f6"
              }
            ],
            "repeated": 0,
            "id": 10890
          },
          {
            "timestamp": "2026-05-28 21:44:24,713",
            "thread_id": "6000",
            "caller": "0x7ffc2b4afae4",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f2"
              }
            ],
            "repeated": 0,
            "id": 10891
          },
          {
            "timestamp": "2026-05-28 21:44:24,713",
            "thread_id": "6000",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10892
          },
          {
            "timestamp": "2026-05-28 21:44:24,713",
            "thread_id": "6000",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10893
          },
          {
            "timestamp": "2026-05-28 21:44:24,713",
            "thread_id": "6000",
            "caller": "0x7ffc2b4bdd9d",
            "parentcaller": "0x7ffc2b457428",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Internal.StateRepository.Package"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package"
              }
            ],
            "repeated": 0,
            "id": 10894
          },
          {
            "timestamp": "2026-05-28 21:44:24,713",
            "thread_id": "6000",
            "caller": "0x7ffc2b4bddf7",
            "parentcaller": "0x7ffc2b457428",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006f0"
              },
              {
                "name": "KeyInformation",
                "value": "\\xfffci\\x0e\\xffd4\\xffde\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00P\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00I\\x00n\\x00t\\x00e\\x00r\\x00n\\x00a\\x00l\\x00.\\x00S\\x00t\\x00a\\x00t\\x00e\\x00R\\x00e\\x00p\\x00o\\x00s\\x00i\\x00t\\x00o\\x00r\\x00y\\x00.\\x00P\\x00a\\x00c\\x00k\\x00a\\x00g\\x00e\\x00\\x07\\x00$\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffa8v\\xff93g\\x02\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff8e\\xff8dg\\x02\\x00\\x00Y\\xffec\\xff87\\x19\\xffed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\x14\\xff83\\xff8dg\\x02\\x00\\x00\\x00\\x00\\xff83\\xff8dg\\x02\\x00\\x00\\x00\\x00\\xff83\\xff8dg\\x02\\x00\\x00\\xffc4\\x02\\xff83\\xff8dg\\x02\\x00\\x00\\x00\\x00\\x00\\x00g\\x02\\x00\\x00\\xff90\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\x0c\\xff83\\xff8dg\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0Ep+\\xfffc\\x7f\\x00\\x00\\xffa8z|\\xff93g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xffed\\xff87\\x19\\xffed\\x00\\x00\\x00\\xff87\\xff9dD+\\xfffc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00g\\x02\\x00\\x00\\xff90\\xfff9\\xff82\\xff93g\\x02\\x00\\x00\\xff80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80z|\\xff93g\\x02\\x00\\x00\\xff90\\xfff9\\xff82\\xff93g\\x02\\x00\\x00\\xfff08~\\xff93g\\x02\\x00\\x00\\xffc7\\xffb3\\x11-\\xfffc\\x7f\\x00\\x00\\x00\\x00\\xff83\\xff8dg\\x02\\x00\\x00\\xfff6sD+\\xfffc\\x7f\\x00\\x00\\x10\\x08\\xff83\\xff93g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xfff08~\\xff93g\\x02\\x00\\x00\\xffa0\\xffb9\\xff81\\xff93g\\x02\\x00\\x00\\xffa0\\xffb9\\xff81\\xff93g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xfff9\\xff82\\xff93g\\x
02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff8e\\xff8dg\\x02\\x00\\x00\\x00\\x00\\x00\\x00g\\x02\\x00\\x006\\xff8cO+\\xfffc\\x7f\\x00\\x00\\xffa0\\xff9a\\xff81\\xff93g\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xffed\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xffee\\xff87\\x19\\xffed\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xffee\\xff87\\x19\\xffed\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10895
          },
          {
            "timestamp": "2026-05-28 21:44:24,713",
            "thread_id": "6000",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f0"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 10896
          },
          {
            "timestamp": "2026-05-28 21:44:24,713",
            "thread_id": "6000",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4c8ff0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f0"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "Data",
                "value": "StateRepository"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\Server"
              }
            ],
            "repeated": 0,
            "id": 10897
          },
          {
            "timestamp": "2026-05-28 21:44:24,713",
            "thread_id": "6000",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4d00bb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f0"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 10898
          },
          {
            "timestamp": "2026-05-28 21:44:24,713",
            "thread_id": "6000",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f0"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\Threading"
              }
            ],
            "repeated": 0,
            "id": 10899
          },
          {
            "timestamp": "2026-05-28 21:44:24,713",
            "thread_id": "6000",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f0"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 10900
          },
          {
            "timestamp": "2026-05-28 21:44:24,713",
            "thread_id": "6000",
            "caller": "0x7ffc2b41c0fc",
            "parentcaller": "0x7ffc2b4b4170",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006f0"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 10901
          },
          {
            "timestamp": "2026-05-28 21:44:24,713",
            "thread_id": "6000",
            "caller": "0x7ffc2b417deb",
            "parentcaller": "0x7ffc2b4c8ff0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f0"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 10902
          },
          {
            "timestamp": "2026-05-28 21:44:24,713",
            "thread_id": "6000",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f0"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 10903
          },
          {
            "timestamp": "2026-05-28 21:44:24,713",
            "thread_id": "6000",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f0"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 10904
          },
          {
            "timestamp": "2026-05-28 21:44:24,713",
            "thread_id": "6000",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f0"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 10905
          },
          {
            "timestamp": "2026-05-28 21:44:24,713",
            "thread_id": "6000",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4c2222",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f0"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 10906
          },
          {
            "timestamp": "2026-05-28 21:44:24,713",
            "thread_id": "6000",
            "caller": "0x7ffc2ad82e92",
            "parentcaller": "0x7ffc2b4b9cb2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f0"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 10907
          },
          {
            "timestamp": "2026-05-28 21:44:24,713",
            "thread_id": "6000",
            "caller": "0x7ffc2b4b7226",
            "parentcaller": "0x7ffc2b4bca23",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f0"
              }
            ],
            "repeated": 0,
            "id": 10908
          },
          {
            "timestamp": "2026-05-28 21:44:24,713",
            "thread_id": "6000",
            "caller": "0x7ffc2b4792b9",
            "parentcaller": "0x7ffc2b4b224d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10909
          },
          {
            "timestamp": "2026-05-28 21:44:24,713",
            "thread_id": "6000",
            "caller": "0x7ffc2b4322bf",
            "parentcaller": "0x7ffc2b4afbe4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002e6"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{0450CE77-AF0D-40AC-93FD-1E5D48C89419}"
              },
              {
                "name": "Handle",
                "value": "0x000006f2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{0450CE77-AF0D-40AC-93FD-1E5D48C89419}"
              }
            ],
            "repeated": 0,
            "id": 10910
          },
          {
            "timestamp": "2026-05-28 21:44:24,713",
            "thread_id": "6000",
            "caller": "0x7ffc2b4afa51",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000006f2"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000006f6"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{0450ce77-af0d-40ac-93fd-1e5d48c89419}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 10911
          },
          {
            "timestamp": "2026-05-28 21:44:24,713",
            "thread_id": "6000",
            "caller": "0x7ffc2b4afa8c",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{0450ce77-af0d-40ac-93fd-1e5d48c89419}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 10912
          },
          {
            "timestamp": "2026-05-28 21:44:24,713",
            "thread_id": "6000",
            "caller": "0x7ffc2b4afad3",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f6"
              }
            ],
            "repeated": 0,
            "id": 10913
          },
          {
            "timestamp": "2026-05-28 21:44:24,713",
            "thread_id": "6000",
            "caller": "0x7ffc2b4afae4",
            "parentcaller": "0x7ffc2b4742ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f2"
              }
            ],
            "repeated": 0,
            "id": 10914
          },
          {
            "timestamp": "2026-05-28 21:44:24,713",
            "thread_id": "6000",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10915
          },
          {
            "timestamp": "2026-05-28 21:44:24,713",
            "thread_id": "6000",
            "caller": "0x7ffc2ad730ce",
            "parentcaller": "0x7ffc2b4b2cd1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10916
          },
          {
            "timestamp": "2026-05-28 21:44:24,713",
            "thread_id": "6000",
            "caller": "0x7ffc2b42cd6e",
            "parentcaller": "0x7ffc2b42c76f",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10917
          },
          {
            "timestamp": "2026-05-28 21:44:24,760",
            "thread_id": "5800",
            "caller": "0x7ff729a9e6eb",
            "parentcaller": "0x7ff729a2eae6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Run"
              },
              {
                "name": "Handle",
                "value": "0x000006f0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"
              }
            ],
            "repeated": 0,
            "id": 10918
          },
          {
            "timestamp": "2026-05-28 21:44:24,760",
            "thread_id": "5800",
            "caller": "0x7ff729a9e7db",
            "parentcaller": "0x7ff729a2eae6",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x00000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 10919
          },
          {
            "timestamp": "2026-05-28 21:44:24,760",
            "thread_id": "5800",
            "caller": "0x7ff729a9e6eb",
            "parentcaller": "0x7ff729a2eb43",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
              },
              {
                "name": "Handle",
                "value": "0x000006f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
              }
            ],
            "repeated": 0,
            "id": 10920
          },
          {
            "timestamp": "2026-05-28 21:44:24,760",
            "thread_id": "5800",
            "caller": "0x7ff729a9e7db",
            "parentcaller": "0x7ff729a2eb43",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Run\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x00000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 10921
          },
          {
            "timestamp": "2026-05-28 21:44:24,760",
            "thread_id": "5800",
            "caller": "0x7ff729a9e6eb",
            "parentcaller": "0x7ff729a2eb99",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Run"
              },
              {
                "name": "Handle",
                "value": "0x00000700"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"
              }
            ],
            "repeated": 0,
            "id": 10922
          },
          {
            "timestamp": "2026-05-28 21:44:24,760",
            "thread_id": "5800",
            "caller": "0x7ff729a9e7db",
            "parentcaller": "0x7ff729a2eb99",
            "category": "registry",
            "api": "RegNotifyChangeKeyValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\"
              },
              {
                "name": "NotifyFilter",
                "value": "0x00000005"
              },
              {
                "name": "WatchSubtree",
                "value": "1"
              },
              {
                "name": "Asynchronous",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 10923
          },
          {
            "timestamp": "2026-05-28 21:44:24,760",
            "thread_id": "5800",
            "caller": "0x7ff729a2ebc4",
            "parentcaller": "0x7ff729a0e10c",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10924
          },
          {
            "timestamp": "2026-05-28 21:44:24,760",
            "thread_id": "5800",
            "caller": "0x7ff729a2ebe6",
            "parentcaller": "0x7ff729a0e10c",
            "category": "filesystem",
            "api": "FindFirstChangeNotificationW",
            "status": true,
            "return": "0x00000708",
            "arguments": [
              {
                "name": "PathName",
                "value": "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp"
              },
              {
                "name": "NotifyFilter",
                "value": "0x00000011"
              },
              {
                "name": "WatchSubtree",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10925
          },
          {
            "timestamp": "2026-05-28 21:44:24,760",
            "thread_id": "5800",
            "caller": "0x7ff729a2ec26",
            "parentcaller": "0x7ff729a0e10c",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10926
          },
          {
            "timestamp": "2026-05-28 21:44:24,760",
            "thread_id": "5800",
            "caller": "0x7ff729a2ec3f",
            "parentcaller": "0x7ff729a0e10c",
            "category": "filesystem",
            "api": "FindFirstChangeNotificationW",
            "status": true,
            "return": "0x0000070c",
            "arguments": [
              {
                "name": "PathName",
                "value": "C:\\Users\\admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup"
              },
              {
                "name": "NotifyFilter",
                "value": "0x00000011"
              },
              {
                "name": "WatchSubtree",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10927
          },
          {
            "timestamp": "2026-05-28 21:44:24,760",
            "thread_id": "6000",
            "caller": "0x7ffc2d137830",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc19bbf000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.ApplicationModel.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10928
          },
          {
            "timestamp": "2026-05-28 21:44:24,760",
            "thread_id": "6000",
            "caller": "0x7ffc2d137881",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc19bbf000"
              },
              {
                "name": "ModuleName",
                "value": "Windows.ApplicationModel.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10929
          },
          {
            "timestamp": "2026-05-28 21:44:24,760",
            "thread_id": "6000",
            "caller": "0x7ff729a992cf",
            "parentcaller": "0x7ff729a9ccf0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              }
            ],
            "repeated": 0,
            "id": 10930
          },
          {
            "timestamp": "2026-05-28 21:44:24,760",
            "thread_id": "6000",
            "caller": "0x7ffc2adbebae",
            "parentcaller": "0x7ffc2b16712f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\\xea\\x18\\xed\\x00\\x00\\x00\\xc47\\x00\\x00\\x00\\x00\\x00\\x00p\\x17\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "6000"
              }
            ],
            "repeated": 0,
            "id": 10931
          },
          {
            "timestamp": "2026-05-28 21:44:24,760",
            "thread_id": "6000",
            "caller": "0x7ffc2d137830",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b1f7000"
              },
              {
                "name": "ModuleName",
                "value": "SHCORE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10932
          },
          {
            "timestamp": "2026-05-28 21:44:24,760",
            "thread_id": "6000",
            "caller": "0x7ffc2d137881",
            "parentcaller": "0x7ffc2d1220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffc2b1f7000"
              },
              {
                "name": "ModuleName",
                "value": "SHCORE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10933
          },
          {
            "timestamp": "2026-05-28 21:44:25,025",
            "thread_id": "10832",
            "caller": "0x7ff7299f05ac",
            "parentcaller": "0x7ff7299edc11",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001400",
                "pretty_value": "PROCESS_QUERY_INFORMATION|PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "780"
              },
              {
                "name": "ProcessName",
                "value": "C:\\Windows\\System32\\fontdrvhost.exe"
              }
            ],
            "repeated": 0,
            "id": 10934
          },
          {
            "timestamp": "2026-05-28 21:44:25,025",
            "thread_id": "10832",
            "caller": "0x7ff7299f068f",
            "parentcaller": "0x7ff7299edc11",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 10935
          },
          {
            "timestamp": "2026-05-28 21:44:25,025",
            "thread_id": "10832",
            "caller": "0x7ff7299f45b1",
            "parentcaller": "0x7ff7299f6d7d",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001400",
                "pretty_value": "PROCESS_QUERY_INFORMATION|PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "780"
              },
              {
                "name": "ProcessName",
                "value": "C:\\Windows\\System32\\fontdrvhost.exe"
              }
            ],
            "repeated": 0,
            "id": 10936
          },
          {
            "timestamp": "2026-05-28 21:44:25,025",
            "thread_id": "10832",
            "caller": "0x7ff7299f6de3",
            "parentcaller": "0x7ff7299f087c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 10937
          },
          {
            "timestamp": "2026-05-28 21:44:25,025",
            "thread_id": "10832",
            "caller": "0x7ff729a083ed",
            "parentcaller": "0x7ff729a08345",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:14276:120:WilError_03"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10938
          },
          {
            "timestamp": "2026-05-28 21:44:25,025",
            "thread_id": "10832",
            "caller": "0x7ff729a08df4",
            "parentcaller": "0x7ff729a0841c",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 10939
          },
          {
            "timestamp": "2026-05-28 21:44:25,025",
            "thread_id": "10832",
            "caller": "0x7ff729a08d39",
            "parentcaller": "0x7ff729a08b03",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10940
          },
          {
            "timestamp": "2026-05-28 21:44:25,025",
            "thread_id": "10832",
            "caller": "0x7ff729a08d39",
            "parentcaller": "0x7ff729a08b03",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10941
          },
          {
            "timestamp": "2026-05-28 21:44:25,025",
            "thread_id": "10832",
            "caller": "0x7ff729a08d39",
            "parentcaller": "0x7ff729a08bba",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10942
          },
          {
            "timestamp": "2026-05-28 21:44:25,025",
            "thread_id": "10832",
            "caller": "0x7ff729a08d39",
            "parentcaller": "0x7ff729a08bba",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000714"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10943
          },
          {
            "timestamp": "2026-05-28 21:44:25,025",
            "thread_id": "10832",
            "caller": "0x7ff729a0f03f",
            "parentcaller": "0x7ff729a08bcc",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000714"
              }
            ],
            "repeated": 0,
            "id": 10944
          },
          {
            "timestamp": "2026-05-28 21:44:25,025",
            "thread_id": "10832",
            "caller": "0x7ff729a0f03f",
            "parentcaller": "0x7ff729a08c07",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d0"
              }
            ],
            "repeated": 0,
            "id": 10945
          },
          {
            "timestamp": "2026-05-28 21:44:25,025",
            "thread_id": "10832",
            "caller": "0x7ff729a0f2e3",
            "parentcaller": "0x7ff729a0847c",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 10946
          },
          {
            "timestamp": "2026-05-28 21:44:25,025",
            "thread_id": "10832",
            "caller": "0x7ff729a0f03f",
            "parentcaller": "0x7ff729a0848a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 10947
          },
          {
            "timestamp": "2026-05-28 21:44:25,025",
            "thread_id": "10832",
            "caller": "0x7ff7299ed650",
            "parentcaller": "0x7ff7299ed486",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10948
          },
          {
            "timestamp": "2026-05-28 21:44:25,244",
            "thread_id": "13188",
            "caller": "0x7ff7299e3b91",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10949
          },
          {
            "timestamp": "2026-05-28 21:44:25,244",
            "thread_id": "13188",
            "caller": "0x7ff7299e3b91",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000410"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10950
          },
          {
            "timestamp": "2026-05-28 21:44:25,244",
            "thread_id": "11620",
            "caller": "0x7ffc2b480e98",
            "parentcaller": "0x7ffc2b4fb785",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00010524"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 10951
          },
          {
            "timestamp": "2026-05-28 21:44:25,338",
            "thread_id": "10832",
            "caller": "0x7ff7299f05ac",
            "parentcaller": "0x7ff7299edc11",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001400",
                "pretty_value": "PROCESS_QUERY_INFORMATION|PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "928"
              },
              {
                "name": "ProcessName",
                "value": "C:\\Windows\\System32\\svchost.exe"
              }
            ],
            "repeated": 0,
            "id": 10952
          },
          {
            "timestamp": "2026-05-28 21:44:25,338",
            "thread_id": "10832",
            "caller": "0x7ff7299f068f",
            "parentcaller": "0x7ff7299edc11",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 10953
          },
          {
            "timestamp": "2026-05-28 21:44:25,338",
            "thread_id": "10832",
            "caller": "0x7ff7299f45b1",
            "parentcaller": "0x7ff7299f3e56",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "928"
              },
              {
                "name": "ProcessName",
                "value": "C:\\Windows\\System32\\svchost.exe"
              }
            ],
            "repeated": 0,
            "id": 10954
          },
          {
            "timestamp": "2026-05-28 21:44:25,338",
            "thread_id": "10832",
            "caller": "0x7ff7299f3ebb",
            "parentcaller": "0x7ff7299f2d53",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 10955
          },
          {
            "timestamp": "2026-05-28 21:44:25,338",
            "thread_id": "10832",
            "caller": "0x7ff7299f45b1",
            "parentcaller": "0x7ff7299f3ffc",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "928"
              },
              {
                "name": "ProcessName",
                "value": "C:\\Windows\\System32\\svchost.exe"
              }
            ],
            "repeated": 0,
            "id": 10956
          },
          {
            "timestamp": "2026-05-28 21:44:25,338",
            "thread_id": "10832",
            "caller": "0x7ff7299f4224",
            "parentcaller": "0x7ff7299f2da5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 10957
          },
          {
            "timestamp": "2026-05-28 21:44:25,338",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e40002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\svchost.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10958
          },
          {
            "timestamp": "2026-05-28 21:44:25,338",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              }
            ],
            "repeated": 0,
            "id": 10959
          },
          {
            "timestamp": "2026-05-28 21:44:25,338",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\svchost.exe.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 10960
          },
          {
            "timestamp": "2026-05-28 21:44:25,338",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000005cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\svchost.exe.mui"
              }
            ],
            "repeated": 0,
            "id": 10961
          },
          {
            "timestamp": "2026-05-28 21:44:25,338",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e50000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed1947cdf0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10962
          },
          {
            "timestamp": "2026-05-28 21:44:25,338",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d0"
              }
            ],
            "repeated": 0,
            "id": 10963
          },
          {
            "timestamp": "2026-05-28 21:44:25,338",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 10964
          },
          {
            "timestamp": "2026-05-28 21:44:25,338",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 10965
          },
          {
            "timestamp": "2026-05-28 21:44:25,338",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              }
            ],
            "repeated": 0,
            "id": 10966
          },
          {
            "timestamp": "2026-05-28 21:44:25,338",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e40002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\svchost.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10967
          },
          {
            "timestamp": "2026-05-28 21:44:25,354",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              }
            ],
            "repeated": 0,
            "id": 10968
          },
          {
            "timestamp": "2026-05-28 21:44:25,354",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\svchost.exe.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 10969
          },
          {
            "timestamp": "2026-05-28 21:44:25,354",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000005cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\svchost.exe.mui"
              }
            ],
            "repeated": 0,
            "id": 10970
          },
          {
            "timestamp": "2026-05-28 21:44:25,354",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e50000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed1947cde0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10971
          },
          {
            "timestamp": "2026-05-28 21:44:25,354",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d0"
              }
            ],
            "repeated": 0,
            "id": 10972
          },
          {
            "timestamp": "2026-05-28 21:44:25,354",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 10973
          },
          {
            "timestamp": "2026-05-28 21:44:25,354",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 10974
          },
          {
            "timestamp": "2026-05-28 21:44:25,354",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              }
            ],
            "repeated": 0,
            "id": 10975
          },
          {
            "timestamp": "2026-05-28 21:44:25,604",
            "thread_id": "10832",
            "caller": "0x7ff7299f45b1",
            "parentcaller": "0x7ff7299f38f8",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001410",
                "pretty_value": "PROCESS_VM_READ|PROCESS_QUERY_INFORMATION|PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "928"
              },
              {
                "name": "ProcessName",
                "value": "C:\\Windows\\System32\\svchost.exe"
              }
            ],
            "repeated": 0,
            "id": 10976
          },
          {
            "timestamp": "2026-05-28 21:44:25,604",
            "thread_id": "10832",
            "caller": "0x7ff7299f53e5",
            "parentcaller": "0x7ff7299f3945",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "BaseAddress",
                "value": "0x5e08ee3000"
              },
              {
                "name": "Size",
                "value": "0x000007c8"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\x00W\\xb7\\xf7\\x7f\\x00\\x00\\xc0\\xc4%-\\xfc\\x7f\\x00\\x00p2@A\\xea\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00>A\\xea\\x01\\x00\\x00\\xe0\\xc0%-\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\x00\\x85,\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x009A\\xea\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xc4%-\\xfc\\x7f\\x00\\x00\\xff\\x1f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xea\\x93\\xf4}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x07\\xea\\x93\\xf4}\\x00\\x00\\x00\\x00\\xfe\\x95\\xf5}\\x00\\x00(\\x02\\xff\\x95\\xf5}\\x00\\x00P\\x06\\x00\\x96\\xf5}\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x9b\\x07m\\xe8\\xff\\xff\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x10\\x00\\x00\\x00@\\xad%-\\xfc\\x7f\\x00\\x00\\x00\\x00\\xc0A\\xea\\x01\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10977
          },
          {
            "timestamp": "2026-05-28 21:44:25,604",
            "thread_id": "10832",
            "caller": "0x7ff7299f5414",
            "parentcaller": "0x7ff7299f3945",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ea41403270"
              },
              {
                "name": "Size",
                "value": "0x00000440"
              },
              {
                "name": "Buffer",
                "value": "<\\x07\\x00\\x00<\\x07\\x00\\x00\\x01 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\x00\\x08\\x02\\x00\\x00\\x00\\x00 >@A\\xea\\x01\\x00\\x00L\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00>\\x00@\\x00\\x00\\x00\\x00\\x00\\xb88@A\\xea\\x01\\x00\\x00n\\x00p\\x00\\x00\\x00\\x00\\x00\\xf88@A\\xea\\x01\\x00\\x00\\xf0'@A\\xea\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00>\\x00@\\x00\\x00\\x00\\x00\\x00h9@A\\xea\\x01\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\xa89@A\\xea\\x01\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\xaa9@A\\xea\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10978
          },
          {
            "timestamp": "2026-05-28 21:44:25,604",
            "thread_id": "10832",
            "caller": "0x7ff7299f545d",
            "parentcaller": "0x7ff7299f3945",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ea414038f8"
              },
              {
                "name": "Size",
                "value": "0x0000006e"
              },
              {
                "name": "Buffer",
                "value": "C\\x00:\\x00\\\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00s\\x00v\\x00c\\x00h\\x00o\\x00s\\x00t\\x00.\\x00e\\x00x\\x00e\\x00 \\x00-\\x00k\\x00 \\x00D\\x00c\\x00o\\x00m\\x00L\\x00a\\x00u\\x00n\\x00c\\x00h\\x00 \\x00-\\x00p\\x00 \\x00-\\x00s\\x00 \\x00L\\x00S\\x00M\\x00"
              }
            ],
            "repeated": 0,
            "id": 10979
          },
          {
            "timestamp": "2026-05-28 21:44:25,604",
            "thread_id": "10832",
            "caller": "0x7ff7299f39ad",
            "parentcaller": "0x7ff7299f31bb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 10980
          },
          {
            "timestamp": "2026-05-28 21:44:25,604",
            "thread_id": "10832",
            "caller": "0x7ff7299f45b1",
            "parentcaller": "0x7ff7299f3746",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "928"
              },
              {
                "name": "ProcessName",
                "value": "C:\\Windows\\System32\\svchost.exe"
              }
            ],
            "repeated": 0,
            "id": 10981
          },
          {
            "timestamp": "2026-05-28 21:44:25,604",
            "thread_id": "10832",
            "caller": "0x7ff7299f472e",
            "parentcaller": "0x7ff7299f375e",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005d0"
              }
            ],
            "repeated": 0,
            "id": 10982
          },
          {
            "timestamp": "2026-05-28 21:44:25,604",
            "thread_id": "10832",
            "caller": "0x7ff7299f4764",
            "parentcaller": "0x7ff7299f375e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10983
          },
          {
            "timestamp": "2026-05-28 21:44:25,604",
            "thread_id": "10832",
            "caller": "0x7ff7299f47ed",
            "parentcaller": "0x7ff7299f375e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00p\\xe6\\x83\\x93g\\x02\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\x98\\xe6\\x83\\x93g\\x02\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\xe6\\x83\\x93g\\x02\\x00\\x00T\\x00S\\x00A\\x00:\\x00/\\x00/\\x00P\\x00r\\x00o\\x00c\\x00U\\x00n\\x00i\\x00q\\x00u\\x00e\\x00\\x0f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xdf\\xb7\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10984
          },
          {
            "timestamp": "2026-05-28 21:44:25,604",
            "thread_id": "10832",
            "caller": "0x7ff7299f488d",
            "parentcaller": "0x7ff7299f375e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d0"
              }
            ],
            "repeated": 0,
            "id": 10985
          },
          {
            "timestamp": "2026-05-28 21:44:25,604",
            "thread_id": "10832",
            "caller": "0x7ff7299f3779",
            "parentcaller": "0x7ff7299f31c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 10986
          },
          {
            "timestamp": "2026-05-28 21:44:25,822",
            "thread_id": "10832",
            "caller": "0x7ff7299f05ac",
            "parentcaller": "0x7ff7299edc11",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001400",
                "pretty_value": "PROCESS_QUERY_INFORMATION|PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "420"
              },
              {
                "name": "ProcessName",
                "value": "C:\\Windows\\System32\\svchost.exe"
              }
            ],
            "repeated": 0,
            "id": 10987
          },
          {
            "timestamp": "2026-05-28 21:44:25,822",
            "thread_id": "10832",
            "caller": "0x7ff7299f068f",
            "parentcaller": "0x7ff7299edc11",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 10988
          },
          {
            "timestamp": "2026-05-28 21:44:25,822",
            "thread_id": "10832",
            "caller": "0x7ff7299f45b1",
            "parentcaller": "0x7ff7299f3e56",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "420"
              },
              {
                "name": "ProcessName",
                "value": "C:\\Windows\\System32\\svchost.exe"
              }
            ],
            "repeated": 0,
            "id": 10989
          },
          {
            "timestamp": "2026-05-28 21:44:25,822",
            "thread_id": "10832",
            "caller": "0x7ff7299f3ebb",
            "parentcaller": "0x7ff7299f2d53",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 10990
          },
          {
            "timestamp": "2026-05-28 21:44:25,822",
            "thread_id": "10832",
            "caller": "0x7ff7299f45b1",
            "parentcaller": "0x7ff7299f3ffc",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "420"
              },
              {
                "name": "ProcessName",
                "value": "C:\\Windows\\System32\\svchost.exe"
              }
            ],
            "repeated": 0,
            "id": 10991
          },
          {
            "timestamp": "2026-05-28 21:44:25,822",
            "thread_id": "10832",
            "caller": "0x7ff7299f4224",
            "parentcaller": "0x7ff7299f2da5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 10992
          },
          {
            "timestamp": "2026-05-28 21:44:25,822",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e40002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\svchost.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 10993
          },
          {
            "timestamp": "2026-05-28 21:44:25,822",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              }
            ],
            "repeated": 0,
            "id": 10994
          },
          {
            "timestamp": "2026-05-28 21:44:25,822",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\svchost.exe.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 10995
          },
          {
            "timestamp": "2026-05-28 21:44:25,822",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000005cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\svchost.exe.mui"
              }
            ],
            "repeated": 0,
            "id": 10996
          },
          {
            "timestamp": "2026-05-28 21:44:25,822",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e50000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed1947cdf0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10997
          },
          {
            "timestamp": "2026-05-28 21:44:25,822",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d0"
              }
            ],
            "repeated": 0,
            "id": 10998
          },
          {
            "timestamp": "2026-05-28 21:44:25,822",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 10999
          },
          {
            "timestamp": "2026-05-28 21:44:25,822",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 11000
          },
          {
            "timestamp": "2026-05-28 21:44:25,822",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              }
            ],
            "repeated": 0,
            "id": 11001
          },
          {
            "timestamp": "2026-05-28 21:44:25,822",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e40002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\svchost.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 11002
          },
          {
            "timestamp": "2026-05-28 21:44:25,822",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              }
            ],
            "repeated": 0,
            "id": 11003
          },
          {
            "timestamp": "2026-05-28 21:44:25,822",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\svchost.exe.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 11004
          },
          {
            "timestamp": "2026-05-28 21:44:25,822",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000005cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\svchost.exe.mui"
              }
            ],
            "repeated": 0,
            "id": 11005
          },
          {
            "timestamp": "2026-05-28 21:44:25,822",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e50000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed1947cde0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11006
          },
          {
            "timestamp": "2026-05-28 21:44:25,822",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d0"
              }
            ],
            "repeated": 0,
            "id": 11007
          },
          {
            "timestamp": "2026-05-28 21:44:25,822",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 11008
          },
          {
            "timestamp": "2026-05-28 21:44:25,822",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 11009
          },
          {
            "timestamp": "2026-05-28 21:44:25,822",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              }
            ],
            "repeated": 0,
            "id": 11010
          },
          {
            "timestamp": "2026-05-28 21:44:25,979",
            "thread_id": "10832",
            "caller": "0x7ff7299f45b1",
            "parentcaller": "0x7ff7299f38f8",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001410",
                "pretty_value": "PROCESS_VM_READ|PROCESS_QUERY_INFORMATION|PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "420"
              },
              {
                "name": "ProcessName",
                "value": "C:\\Windows\\System32\\svchost.exe"
              }
            ],
            "repeated": 0,
            "id": 11011
          },
          {
            "timestamp": "2026-05-28 21:44:25,979",
            "thread_id": "10832",
            "caller": "0x7ff7299f53e5",
            "parentcaller": "0x7ff7299f3945",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "BaseAddress",
                "value": "0xfa0ae0000"
              },
              {
                "name": "Size",
                "value": "0x000007c8"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\x00W\\xb7\\xf7\\x7f\\x00\\x00\\xc0\\xc4%-\\xfc\\x7f\\x00\\x00p2 \\xe4\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\xe4\\x7f\\x01\\x00\\x00\\xe0\\xc0%-\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\x00\\x85,\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xe4\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xc4%-\\xfc\\x7f\\x00\\x00\\xff\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00}\\x97\\xf4}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x07}\\x97\\xf4}\\x00\\x00\\x00\\x00\\x91\\x99\\xf5}\\x00\\x00(\\x02\\x92\\x99\\xf5}\\x00\\x00P\\x06\\x93\\x99\\xf5}\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x9b\\x07m\\xe8\\xff\\xff\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x10\\x00\\x00\\x00@\\xad%-\\xfc\\x7f\\x00\\x00\\x00\\x00`\\xe4\\x7f\\x01\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11012
          },
          {
            "timestamp": "2026-05-28 21:44:25,979",
            "thread_id": "10832",
            "caller": "0x7ff7299f5414",
            "parentcaller": "0x7ff7299f3945",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "BaseAddress",
                "value": "0x17fe4203270"
              },
              {
                "name": "Size",
                "value": "0x00000440"
              },
              {
                "name": "Buffer",
                "value": ":\\x07\\x00\\x00:\\x07\\x00\\x00\\x01 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\x00\\x08\\x02\\x00\\x00\\x00\\x00 > \\xe4\\x7f\\x01\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00>\\x00@\\x00\\x00\\x00\\x00\\x00\\xb88 \\xe4\\x7f\\x01\\x00\\x00l\\x00n\\x00\\x00\\x00\\x00\\x00\\xf88 \\xe4\\x7f\\x01\\x00\\x00\\xf0' \\xe4\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00>\\x00@\\x00\\x00\\x00\\x00\\x00f9 \\xe4\\x7f\\x01\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\xa69 \\xe4\\x7f\\x01\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\xa89 \\xe4\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11013
          },
          {
            "timestamp": "2026-05-28 21:44:25,979",
            "thread_id": "10832",
            "caller": "0x7ff7299f545d",
            "parentcaller": "0x7ff7299f3945",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "BaseAddress",
                "value": "0x17fe42038f8"
              },
              {
                "name": "Size",
                "value": "0x0000006c"
              },
              {
                "name": "Buffer",
                "value": "C\\x00:\\x00\\\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00s\\x00v\\x00c\\x00h\\x00o\\x00s\\x00t\\x00.\\x00e\\x00x\\x00e\\x00 \\x00-\\x00k\\x00 \\x00n\\x00e\\x00t\\x00s\\x00v\\x00c\\x00s\\x00 \\x00-\\x00p\\x00 \\x00-\\x00s\\x00 \\x00g\\x00p\\x00s\\x00v\\x00c\\x00"
              }
            ],
            "repeated": 0,
            "id": 11014
          },
          {
            "timestamp": "2026-05-28 21:44:25,979",
            "thread_id": "10832",
            "caller": "0x7ff7299f39ad",
            "parentcaller": "0x7ff7299f31bb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 11015
          },
          {
            "timestamp": "2026-05-28 21:44:25,979",
            "thread_id": "10832",
            "caller": "0x7ff7299f45b1",
            "parentcaller": "0x7ff7299f3746",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "420"
              },
              {
                "name": "ProcessName",
                "value": "C:\\Windows\\System32\\svchost.exe"
              }
            ],
            "repeated": 0,
            "id": 11016
          },
          {
            "timestamp": "2026-05-28 21:44:25,979",
            "thread_id": "10832",
            "caller": "0x7ff7299f472e",
            "parentcaller": "0x7ff7299f375e",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005d0"
              }
            ],
            "repeated": 0,
            "id": 11017
          },
          {
            "timestamp": "2026-05-28 21:44:25,979",
            "thread_id": "10832",
            "caller": "0x7ff7299f4764",
            "parentcaller": "0x7ff7299f375e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11018
          },
          {
            "timestamp": "2026-05-28 21:44:25,979",
            "thread_id": "10832",
            "caller": "0x7ff7299f47ed",
            "parentcaller": "0x7ff7299f375e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00p\\xe6\\x83\\x93g\\x02\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\x98\\xe6\\x83\\x93g\\x02\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\xe6\\x83\\x93g\\x02\\x00\\x00T\\x00S\\x00A\\x00:\\x00/\\x00/\\x00P\\x00r\\x00o\\x00c\\x00U\\x00n\\x00i\\x00q\\x00u\\x00e\\x00\\x12\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x82\\xcb\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11019
          },
          {
            "timestamp": "2026-05-28 21:44:25,979",
            "thread_id": "10832",
            "caller": "0x7ff7299f488d",
            "parentcaller": "0x7ff7299f375e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d0"
              }
            ],
            "repeated": 0,
            "id": 11020
          },
          {
            "timestamp": "2026-05-28 21:44:25,979",
            "thread_id": "10832",
            "caller": "0x7ff7299f3779",
            "parentcaller": "0x7ff7299f31c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 11021
          },
          {
            "timestamp": "2026-05-28 21:44:26,150",
            "thread_id": "10832",
            "caller": "0x7ff7299f05ac",
            "parentcaller": "0x7ff7299edc11",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001400",
                "pretty_value": "PROCESS_QUERY_INFORMATION|PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "688"
              },
              {
                "name": "ProcessName",
                "value": "C:\\Windows\\System32\\svchost.exe"
              }
            ],
            "repeated": 0,
            "id": 11022
          },
          {
            "timestamp": "2026-05-28 21:44:26,150",
            "thread_id": "10832",
            "caller": "0x7ff7299f068f",
            "parentcaller": "0x7ff7299edc11",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 11023
          },
          {
            "timestamp": "2026-05-28 21:44:26,150",
            "thread_id": "10832",
            "caller": "0x7ff7299f45b1",
            "parentcaller": "0x7ff7299f3e56",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "688"
              },
              {
                "name": "ProcessName",
                "value": "C:\\Windows\\System32\\svchost.exe"
              }
            ],
            "repeated": 0,
            "id": 11024
          },
          {
            "timestamp": "2026-05-28 21:44:26,150",
            "thread_id": "10832",
            "caller": "0x7ff7299f3ebb",
            "parentcaller": "0x7ff7299f2d53",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 11025
          },
          {
            "timestamp": "2026-05-28 21:44:26,150",
            "thread_id": "10832",
            "caller": "0x7ff7299f45b1",
            "parentcaller": "0x7ff7299f3ffc",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "688"
              },
              {
                "name": "ProcessName",
                "value": "C:\\Windows\\System32\\svchost.exe"
              }
            ],
            "repeated": 0,
            "id": 11026
          },
          {
            "timestamp": "2026-05-28 21:44:26,150",
            "thread_id": "10832",
            "caller": "0x7ff7299f4224",
            "parentcaller": "0x7ff7299f2da5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 11027
          },
          {
            "timestamp": "2026-05-28 21:44:26,150",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e40002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\svchost.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 11028
          },
          {
            "timestamp": "2026-05-28 21:44:26,150",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              }
            ],
            "repeated": 0,
            "id": 11029
          },
          {
            "timestamp": "2026-05-28 21:44:26,150",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\svchost.exe.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 11030
          },
          {
            "timestamp": "2026-05-28 21:44:26,150",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000005cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\svchost.exe.mui"
              }
            ],
            "repeated": 0,
            "id": 11031
          },
          {
            "timestamp": "2026-05-28 21:44:26,150",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e50000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed1947cdf0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11032
          },
          {
            "timestamp": "2026-05-28 21:44:26,150",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d0"
              }
            ],
            "repeated": 0,
            "id": 11033
          },
          {
            "timestamp": "2026-05-28 21:44:26,150",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 11034
          },
          {
            "timestamp": "2026-05-28 21:44:26,150",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 11035
          },
          {
            "timestamp": "2026-05-28 21:44:26,150",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e25",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              }
            ],
            "repeated": 0,
            "id": 11036
          },
          {
            "timestamp": "2026-05-28 21:44:26,150",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x26793e40002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\svchost.exe"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 11037
          },
          {
            "timestamp": "2026-05-28 21:44:26,150",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              }
            ],
            "repeated": 0,
            "id": 11038
          },
          {
            "timestamp": "2026-05-28 21:44:26,150",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\svchost.exe.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 11039
          },
          {
            "timestamp": "2026-05-28 21:44:26,150",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000005cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\svchost.exe.mui"
              }
            ],
            "repeated": 0,
            "id": 11040
          },
          {
            "timestamp": "2026-05-28 21:44:26,150",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e50000"
              },
              {
                "name": "SectionOffset",
                "value": "0xed1947cde0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11041
          },
          {
            "timestamp": "2026-05-28 21:44:26,150",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d0"
              }
            ],
            "repeated": 0,
            "id": 11042
          },
          {
            "timestamp": "2026-05-28 21:44:26,150",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 11043
          },
          {
            "timestamp": "2026-05-28 21:44:26,150",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 11044
          },
          {
            "timestamp": "2026-05-28 21:44:26,150",
            "thread_id": "10832",
            "caller": "0x7ff7299f2e75",
            "parentcaller": "0x7ff7299f07fb",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x26793e40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              }
            ],
            "repeated": 0,
            "id": 11045
          },
          {
            "timestamp": "2026-05-28 21:44:26,213",
            "thread_id": "13188",
            "caller": "0x7ff7299e3b91",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11046
          },
          {
            "timestamp": "2026-05-28 21:44:26,213",
            "thread_id": "13188",
            "caller": "0x7ff7299e3b91",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000410"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11047
          },
          {
            "timestamp": "2026-05-28 21:44:26,213",
            "thread_id": "11620",
            "caller": "0x7ffc2b480e98",
            "parentcaller": "0x7ffc2b4fb785",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00010524"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 11048
          },
          {
            "timestamp": "2026-05-28 21:44:26,416",
            "thread_id": "10832",
            "caller": "0x7ff7299f45b1",
            "parentcaller": "0x7ff7299f38f8",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001410",
                "pretty_value": "PROCESS_VM_READ|PROCESS_QUERY_INFORMATION|PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "688"
              },
              {
                "name": "ProcessName",
                "value": "C:\\Windows\\System32\\svchost.exe"
              }
            ],
            "repeated": 0,
            "id": 11049
          },
          {
            "timestamp": "2026-05-28 21:44:26,416",
            "thread_id": "10832",
            "caller": "0x7ff7299f53e5",
            "parentcaller": "0x7ff7299f3945",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "BaseAddress",
                "value": "0xe1c814d000"
              },
              {
                "name": "Size",
                "value": "0x000007c8"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\x00W\\xb7\\xf7\\x7f\\x00\\x00\\xc0\\xc4%-\\xfc\\x7f\\x00\\x00\\xf02 \\xab\\xc3\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1b\\xab\\xc3\\x02\\x00\\x00\\xe0\\xc0%-\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\x00\\x85,\\xfc\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x16\\xab\\xc3\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xc4%-\\xfc\\x7f\\x00\\x00\\x1f\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x91\\xa4\\xf4}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x07\\x91\\xa4\\xf4}\\x00\\x00\\x00\\x00\\xa5\\xa6\\xf5}\\x00\\x00(\\x02\\xa6\\xa6\\xf5}\\x00\\x00P\\x06\\xa7\\xa6\\xf5}\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x9b\\x07m\\xe8\\xff\\xff\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x10\\x00\\x00\\x00@\\xad%-\\xfc\\x7f\\x00\\x00\\x00\\x00m\\xab\\xc3\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11050
          },
          {
            "timestamp": "2026-05-28 21:44:26,416",
            "thread_id": "10832",
            "caller": "0x7ff7299f5414",
            "parentcaller": "0x7ff7299f3945",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "BaseAddress",
                "value": "0x2c3ab2032f0"
              },
              {
                "name": "Size",
                "value": "0x00000440"
              },
              {
                "name": "Buffer",
                "value": "j\\x07\\x00\\x00j\\x07\\x00\\x00\\x01 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\x00\\x08\\x02\\x00\\x00\\x00\\x00\\xd0> \\xab\\xc3\\x02\\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00>\\x00@\\x00\\x00\\x00\\x00\\x0089 \\xab\\xc3\\x02\\x00\\x00\\x9c\\x00\\x9e\\x00\\x00\\x00\\x00\\x00x9 \\xab\\xc3\\x02\\x00\\x00\\xf0' \\xab\\xc3\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00>\\x00@\\x00\\x00\\x00\\x00\\x00\\x16: \\xab\\xc3\\x02\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00V: \\xab\\xc3\\x02\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00X: \\xab\\xc3\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11051
          },
          {
            "timestamp": "2026-05-28 21:44:26,416",
            "thread_id": "10832",
            "caller": "0x7ff7299f545d",
            "parentcaller": "0x7ff7299f3945",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "BaseAddress",
                "value": "0x2c3ab203978"
              },
              {
                "name": "Size",
                "value": "0x0000009c"
              },
              {
                "name": "Buffer",
                "value": "C\\x00:\\x00\\\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00\\\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00s\\x00v\\x00c\\x00h\\x00o\\x00s\\x00t\\x00.\\x00e\\x00x\\x00e\\x00 \\x00-\\x00k\\x00 \\x00L\\x00o\\x00c\\x00a\\x00l\\x00S\\x00e\\x00r\\x00v\\x00i\\x00c\\x00e\\x00N\\x00e\\x00t\\x00w\\x00o\\x00r\\x00k\\x00R\\x00e\\x00s\\x00t\\x00r\\x00i\\x00c\\x00t\\x00e\\x00d\\x00 \\x00-\\x00p\\x00 \\x00-\\x00s\\x00 \\x00l\\x00m\\x00h\\x00o\\x00s\\x00t\\x00s\\x00"
              }
            ],
            "repeated": 0,
            "id": 11052
          },
          {
            "timestamp": "2026-05-28 21:44:26,416",
            "thread_id": "10832",
            "caller": "0x7ff7299f39ad",
            "parentcaller": "0x7ff7299f31bb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 11053
          },
          {
            "timestamp": "2026-05-28 21:44:26,416",
            "thread_id": "10832",
            "caller": "0x7ff7299f45b1",
            "parentcaller": "0x7ff7299f3746",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "688"
              },
              {
                "name": "ProcessName",
                "value": "C:\\Windows\\System32\\svchost.exe"
              }
            ],
            "repeated": 0,
            "id": 11054
          },
          {
            "timestamp": "2026-05-28 21:44:26,416",
            "thread_id": "10832",
            "caller": "0x7ff7299f472e",
            "parentcaller": "0x7ff7299f375e",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005d0"
              }
            ],
            "repeated": 0,
            "id": 11055
          },
          {
            "timestamp": "2026-05-28 21:44:26,416",
            "thread_id": "10832",
            "caller": "0x7ff7299f4764",
            "parentcaller": "0x7ff7299f375e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11056
          },
          {
            "timestamp": "2026-05-28 21:44:26,416",
            "thread_id": "10832",
            "caller": "0x7ff7299f47ed",
            "parentcaller": "0x7ff7299f375e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00p\\xe6\\x83\\x93g\\x02\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\x98\\xe6\\x83\\x93g\\x02\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\xe6\\x83\\x93g\\x02\\x00\\x00T\\x00S\\x00A\\x00:\\x00/\\x00/\\x00P\\x00r\\x00o\\x00c\\x00U\\x00n\\x00i\\x00q\\x00u\\x00e\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc8\\xce\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11057
          },
          {
            "timestamp": "2026-05-28 21:44:26,416",
            "thread_id": "10832",
            "caller": "0x7ff7299f488d",
            "parentcaller": "0x7ff7299f375e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d0"
              }
            ],
            "repeated": 0,
            "id": 11058
          },
          {
            "timestamp": "2026-05-28 21:44:26,416",
            "thread_id": "10832",
            "caller": "0x7ff7299f3779",
            "parentcaller": "0x7ff7299f31c6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 11059
          }
        ],
        "threads": [
          "14212",
          "13976",
          "14068",
          "14064",
          "13964",
          "13428",
          "11032",
          "10832",
          "12948",
          "13188",
          "13608",
          "12440",
          "5800",
          "3380",
          "11620",
          "6000"
        ],
        "environ": {
          "UserName": "admin",
          "ComputerName": "JOHNS-PC",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Users\\admin\\AppData\\Local\\Temp\\",
          "CommandLine": "\"C:\\Windows\\system32\\taskmgr.exe\" /4",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "12bc-0026",
          "SystemVolumeGUID": "528c102f-0000-0000-0000-300300000000",
          "MachineGUID": "",
          "MainExeBase": "0x7ff7299e0000",
          "MainExeSize": "0x00130000",
          "Bitness": "64-bit"
        },
        "file_activities": {
          "read_files": [],
          "write_files": [],
          "delete_files": []
        }
      }
    ],
    "anomaly": [],
    "processtree": [
      {
        "name": "explorer.exe",
        "pid": 4248,
        "parent_id": 4196,
        "module_path": "C:\\Windows\\explorer.exe",
        "children": [
          {
            "name": "chrome.exe",
            "pid": 2072,
            "parent_id": 4248,
            "module_path": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
            "children": [],
            "threads": [
              "1884",
              "1188",
              "5348",
              "428",
              "2144",
              "5172",
              "2236",
              "1880",
              "3928",
              "2164",
              "1464",
              "7840",
              "2224",
              "2988",
              "6992",
              "7792",
              "1964",
              "7616"
            ],
            "environ": {
              "UserName": "admin",
              "ComputerName": "JOHNS-PC",
              "WindowsPath": "C:\\Windows",
              "TempPath": "C:\\Users\\admin\\AppData\\Local\\Temp\\",
              "CommandLine": "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" ",
              "RegisteredOwner": "",
              "RegisteredOrganization": "",
              "ProductName": "",
              "SystemVolumeSerialNumber": "12bc-0026",
              "SystemVolumeGUID": "528c102f-0000-0000-0000-300300000000",
              "MachineGUID": "",
              "MainExeBase": "0x7ff78cd00000",
              "MainExeSize": "0x00421000",
              "Bitness": "64-bit"
            }
          },
          {
            "name": "msedge.exe",
            "pid": 2208,
            "parent_id": 4248,
            "module_path": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe",
            "children": [
              {
                "name": "identity_helper.exe",
                "pid": 12320,
                "parent_id": 2208,
                "module_path": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\identity_helper.exe",
                "children": [],
                "threads": [
                  "12324",
                  "12448",
                  "12444",
                  "12440",
                  "12436",
                  "12644",
                  "12652",
                  "12660",
                  "12664",
                  "12668",
                  "12672",
                  "12676",
                  "12680",
                  "12716",
                  "12736",
                  "12744",
                  "12748",
                  "12752",
                  "12756",
                  "12764",
                  "12792",
                  "12412"
                ],
                "environ": {
                  "UserName": "admin",
                  "ComputerName": "JOHNS-PC",
                  "WindowsPath": "C:\\Windows",
                  "TempPath": "C:\\Users\\admin\\AppData\\Local\\Temp\\",
                  "CommandLine": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\identity_helper.exe\" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=windows_package_identity --skip-read-main-dll --metrics-shmem-handle=5004,i,10041185329265187298,11074568154246322711,524288 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708995682289984 --mojo-platform-channel-handle=3944 /prefetch:8",
                  "RegisteredOwner": "",
                  "RegisteredOrganization": "",
                  "ProductName": "",
                  "SystemVolumeSerialNumber": "12bc-0026",
                  "SystemVolumeGUID": "528c102f-0000-0000-0000-300300000000",
                  "MachineGUID": "",
                  "MainExeBase": "0x7ff7809a0000",
                  "MainExeSize": "0x0028c000",
                  "Bitness": "64-bit"
                }
              }
            ],
            "threads": [
              "5180",
              "10156",
              "10328",
              "10388",
              "10412",
              "10380",
              "10456",
              "10468",
              "10336",
              "10372",
              "10564",
              "10320",
              "10544",
              "10536",
              "10548",
              "11160",
              "10556",
              "10448",
              "10464",
              "10780",
              "10332",
              "10352",
              "11352",
              "10956",
              "10364",
              "10316",
              "10784",
              "11144"
            ],
            "environ": {
              "UserName": "admin",
              "ComputerName": "JOHNS-PC",
              "WindowsPath": "C:\\Windows",
              "TempPath": "C:\\Users\\admin\\AppData\\Local\\Temp\\",
              "CommandLine": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" \"https://sugarcraft(dot)net/\"",
              "RegisteredOwner": "",
              "RegisteredOrganization": "",
              "ProductName": "",
              "SystemVolumeSerialNumber": "12bc-0026",
              "SystemVolumeGUID": "528c102f-0000-0000-0000-300300000000",
              "MachineGUID": "",
              "MainExeBase": "0x7ff7b5f00000",
              "MainExeSize": "0x00505000",
              "Bitness": "64-bit"
            }
          },
          {
            "name": "Taskmgr.exe",
            "pid": 14276,
            "parent_id": 4248,
            "module_path": "C:\\Windows\\System32\\Taskmgr.exe",
            "children": [],
            "threads": [
              "14212",
              "13976",
              "14068",
              "14064",
              "13964",
              "13428",
              "11032",
              "10832",
              "12948",
              "13188",
              "13608",
              "12440",
              "5800",
              "3380",
              "11620",
              "6000"
            ],
            "environ": {
              "UserName": "admin",
              "ComputerName": "JOHNS-PC",
              "WindowsPath": "C:\\Windows",
              "TempPath": "C:\\Users\\admin\\AppData\\Local\\Temp\\",
              "CommandLine": "\"C:\\Windows\\system32\\taskmgr.exe\" /4",
              "RegisteredOwner": "",
              "RegisteredOrganization": "",
              "ProductName": "",
              "SystemVolumeSerialNumber": "12bc-0026",
              "SystemVolumeGUID": "528c102f-0000-0000-0000-300300000000",
              "MachineGUID": "",
              "MainExeBase": "0x7ff7299e0000",
              "MainExeSize": "0x00130000",
              "Bitness": "64-bit"
            }
          }
        ],
        "threads": [
          "4908",
          "5008",
          "3848",
          "5576",
          "276",
          "5616",
          "4148",
          "4232",
          "5708",
          "3312",
          "5284",
          "5040",
          "3636",
          "1492",
          "5024",
          "4924",
          "4984",
          "5460",
          "12156",
          "8752",
          "6324",
          "13152",
          "7868",
          "13724",
          "13736",
          "13732",
          "4380",
          "11008",
          "13748",
          "3132"
        ],
        "environ": {
          "UserName": "admin",
          "ComputerName": "JOHNS-PC",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Users\\admin\\AppData\\Local\\Temp\\",
          "CommandLine": "C:\\Windows\\Explorer.EXE",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "12bc-0026",
          "SystemVolumeGUID": "528c102f-0000-0000-0000-300300000000",
          "MachineGUID": "",
          "MainExeBase": "0x7ff651080000",
          "MainExeSize": "0x00546000",
          "Bitness": "64-bit"
        }
      },
      {
        "name": "svchost.exe",
        "pid": 760,
        "parent_id": 624,
        "module_path": "C:\\Windows\\System32\\svchost.exe",
        "children": [],
        "threads": [
          "4384",
          "11616",
          "1252",
          "11568",
          "1480",
          "13792",
          "12348"
        ],
        "environ": {
          "UserName": "SYSTEM",
          "ComputerName": "JOHNS-PC",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Windows\\TEMP\\",
          "CommandLine": "C:\\Windows\\system32\\svchost.exe -k DcomLaunch -p",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "12bc-0026",
          "SystemVolumeGUID": "528c102f-0000-0000-0000-300300000000",
          "MachineGUID": "",
          "MainExeBase": "0x7ff7b7570000",
          "MainExeSize": "0x00010000",
          "Bitness": "64-bit"
        }
      }
    ],
    "summary": {
      "files": [
        "\\Device\\Bam",
        "C:\\",
        "C:\\Windows\\",
        "C:\\Windows\\System32\\",
        "C:\\Users\\admin\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations",
        "C:\\Users\\admin\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Google Chrome.lnk",
        "C:\\Users\\admin\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar",
        "C:\\Windows\\apppatch\\sysmain.sdb",
        "C:\\Program Files\\",
        "C:\\Program Files\\Google\\",
        "C:\\Program Files\\Google\\Chrome\\Application\\",
        "C:\\Program Files (x86)\\Microsoft\\",
        "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\",
        "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Edge.lnk",
        "C:\\Users\\admin",
        "C:\\Users\\admin\\AppData\\Local",
        "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer",
        "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db",
        "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_32.db",
        "C:\\program files (x86)\\microsoft\\Edge\\application\\msedge.exe",
        "C:\\program files (x86)\\microsoft\\Edge\\SystemResources\\msedge.exe.mun",
        "C:\\Windows\\System32\\SecurityHealthSSO.dll",
        "C:\\Windows\\System32\\twinui.pcshell.dll",
        "C:\\Windows\\System32\\storageusage.dll",
        "C:\\Windows\\System32",
        "C:\\Windows\\System32\\Taskmgr.exe",
        "C:\\Windows\\System32\\Taskmgr.exe\\",
        "C:\\Windows",
        "C:",
        "\\??\\MountPointManager",
        "\\??\\Volume{528c102f-0000-0000-0000-300300000000}",
        "C:\\Windows\\System32\\en-US\\taskmgr.exe.mui",
        "C:\\Windows\\WinSxS\\FileMaps\\$$_system32_21f9a9c4a2f8b514.cdf-ms",
        "C:\\Windows\\System32\\usp10.dll",
        "C:\\Windows\\Globalization\\Sorting\\sortdefault.nls",
        "\\??\\pipe\\crashpad_2208_BWQPYTKWQIYHENVA",
        "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\148.0.3967.83\\msedge.dll",
        "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\msedge.dll",
        "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\icudtl.dat",
        "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\v8_context_snapshot.bin",
        "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\msedge_100_percent.pak",
        "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\msedge_200_percent.pak",
        "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\Locales",
        "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\Locales\\en-US.pak",
        "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\resources.pak",
        "C:\\Windows\\System32\\kernel.appcore.dll",
        "C:\\Windows\\System32\\policymanager.dll",
        "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msvcp110_win.dll",
        "C:\\Windows\\System32\\msvcp110_win.dll",
        "C:\\Windows\\System32\\usermgrcli.dll",
        "C:\\Windows\\System32\\capauthz.dll",
        "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\MSASN1.dll",
        "C:\\Windows\\System32\\msasn1.dll",
        "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\\S-1-5-21-3968686040-3210279463-847977608-1001.pckgdep",
        "C:\\Windows\\System32\\en-US\\KERNELBASE.dll.mui",
        "C:\\Windows\\SysWOW64\\propsys.dll",
        "C:\\Windows\\System32\\propsys.dll",
        "C:\\Users\\admin\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe",
        "C:\\Users\\admin\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe\\",
        "C:\\Users\\admin\\AppData\\Local\\Packages",
        "C:\\Users\\admin\\AppData\\Local\\Packages\\",
        "C:\\Users\\admin\\AppData\\Local\\",
        "C:\\Users\\admin\\AppData",
        "C:\\Users\\admin\\AppData\\",
        "C:\\Users\\admin\\",
        "C:\\Users",
        "C:\\Users\\",
        "\\Device\\DeviceApi\\CMApi",
        "C:\\Users\\admin\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe\\LocalState\\ToastCollectionIcons\\*",
        "\\??\\PhysicalDrive0",
        "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-3968686040-3210279463-847977608-1001.pckgdep",
        "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy\\S-1-5-18.pckgdep",
        "C:\\Windows\\System32\\umpdc.dll",
        "C:\\Windows\\WindowsShell.Manifest",
        "\\Device\\CNG",
        "C:\\Windows\\System32\\taskmgr.exe.3.Manifest",
        "C:\\Windows\\Fonts\\staticcache.dat",
        "C:\\Windows\\System32\\TextShaping.dll",
        "C:\\Windows\\System32\\textinputframework.dll",
        "C:\\Windows\\System32\\CoreUIComponents.dll",
        "C:\\Windows\\System32\\CoreMessaging.dll",
        "C:\\Windows\\System32\\ntmarta.dll",
        "C:\\Windows\\System32\\WinTypes.dll",
        "\\Device\\PcwDrv",
        "C:\\Windows\\System32\\wtsapi32.dll",
        "C:\\Windows\\System32\\winsta.dll",
        "C:\\Windows\\System32\\WindowsCodecs.dll",
        "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo1.xml",
        "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo2.xml",
        "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo3.xml",
        "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo4.xml",
        "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo5.xml",
        "C:\\Windows\\System32\\xmllite.dll",
        "C:\\Program Files (x86)\\Steam\\bin\\cef\\cef.win64\\steamwebhelper.exe",
        "C:\\Program Files\\Google\\Chrome\\Application\\PlatformExperienceHelper\\platform_experience_helper.exe",
        "C:\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\Installer\\chrmstp.exe",
        "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
        "C:\\Windows\\System32\\oleacc.dll",
        "C:\\Windows\\System32\\en-US\\OLEACCRC.DLL.mui",
        "C:\\Windows\\System32\\UxTheme.dll.Config",
        "C:\\Windows\\System32\\uxtheme.dll",
        "C:\\Windows\\System32\\resmon.exe",
        "C:\\Windows\\System32\\windows.storage.dll",
        "C:\\Windows\\System32\\wldp.dll",
        "C:\\Windows\\System32\\samcli.dll",
        "C:\\Program Files",
        "C:\\Windows\\System32\\reg.exe",
        "C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\Discord.exe",
        "C:\\Program Files (x86)\\Steam\\steamsysinfo.exe",
        "C:\\Windows\\System32\\SecurityHealthSystray.exe",
        "C:\\Users\\admin\\AppData\\Local\\Microsoft\\WindowsApps\\python.exe",
        "C:\\Users\\admin\\AppData\\Local\\Python\\pythoncore-3.14-64\\python.exe",
        "C:\\Users\\admin\\AppData\\Local\\Discord\\Update.exe",
        "C:\\Program Files (x86)\\Steam\\steam.exe",
        "C:\\Users\\admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe",
        "C:\\Users\\admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup",
        "C:\\Users\\admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\*.*",
        "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp",
        "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\*.*",
        "C:\\Windows\\System32\\en-US\\SecurityHealthSystray.exe.mui",
        "C:\\Windows\\System32\\en\\SecurityHealthSystray.exe.mui",
        "C:\\Windows\\System32\\shell32.dll",
        "C:\\Users\\admin\\AppData\\Local\\IconCache.db",
        "C:\\Windows\\System32\\samlib.dll",
        "C:\\Windows\\System32\\netutils.dll",
        "C:\\Windows\\System32\\en-US\\csrss.exe.mui",
        "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\IconCacheToDelete",
        "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_16.db",
        "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Caches",
        "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db",
        "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000002.db",
        "C:\\Users\\desktop.ini",
        "C:\\Users\\admin\\AppData\\Local\\Microsoft",
        "C:\\Users\\admin\\AppData\\Local\\Microsoft\\WindowsApps",
        "C:\\Users\\admin\\AppData\\Local\\Microsoft\\WindowsApps\\desktop.ini",
        "C:\\Windows\\System32\\en-US\\propsys.dll.mui",
        "C:\\Users\\admin\\AppData\\Local\\microsoft\\windowsapps\\python.exe",
        "C:\\Windows\\System32\\imageres.dll",
        "C:\\Windows\\System32\\en-US\\imageres.dll.mui",
        "C:\\Windows\\System32\\SystemResources\\imageres.dll.mui.mun",
        "C:\\Windows\\SystemResources\\imageres.dll.mun",
        "C:\\Windows\\System32\\conhost.exe",
        "C:\\??\\c:\\windows\\system32\\conhost.exe",
        "C:\\Users\\admin\\AppData\\Local\\SystemResources\\update.exe.mun",
        "C:\\Windows\\System32\\en-US\\reg.exe.mui",
        "C:\\Windows\\SystemResources\\reg.exe.mun",
        "C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\modules\\discord_voice-1\\discord_voice\\gpu_encoder_helper.exe",
        "C:\\Users\\admin\\AppData\\Local\\Discord\\app-1.0.9238\\modules\\discord_voice-1\\SystemResources\\gpu_encoder_helper.exe.mun",
        "C:\\Windows\\System32\\bin\\vulkandriverquery64.exe",
        "C:\\Windows\\System32\\bin\\vulkandriverquery.exe",
        "C:\\Windows\\System32\\bin\\gldriverquery64.exe",
        "C:\\Windows\\System32\\bin\\gldriverquery.exe",
        "C:\\Program Files (x86)",
        "C:\\Program Files (x86)\\desktop.ini",
        "C:\\Program Files (x86)\\Steam",
        "C:\\program files (x86)\\Steam\\steamsysinfo.exe",
        "C:\\program files (x86)\\SystemResources\\steamsysinfo.exe.mun",
        "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe",
        "C:\\Windows\\System32\\en-US\\services.exe.mui",
        "C:\\Windows\\System32\\en-US\\svchost.exe.mui"
      ],
      "read_files": [],
      "write_files": [
        "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db",
        "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_32.db",
        "\\??\\pipe\\crashpad_2208_BWQPYTKWQIYHENVA",
        "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_16.db"
      ],
      "delete_files": [],
      "keys": [
        "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\\channel",
        "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\EdgeUpdate\\ClientState\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\EdgeUpdate\\ClientState\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\\ap",
        "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\EdgeUpdate\\ClientState\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\\cohort",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\EdgeUpdate\\ClientState\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\\cohort\\name",
        "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-AU",
        "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-AU",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions\\000603xx",
        "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\en-AU",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\en",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\OEM",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\OEM\\DeviceForm",
        "HKEY_CURRENT_USER",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize\\AppsUseLightTheme",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\UBR",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\DisplayVersion",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\\LocalServer32",
        "HKEY_CURRENT_USER\\Software\\Classes",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\COM3",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3\\Com+Enabled",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\WindowsRuntime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundExecutionManager",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundExecutionManager\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundExecutionManager\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundExecutionManager\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundExecutionManager\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundExecutionManager\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundExecutionManager\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundExecutionManager\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundExecutionManager\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundExecutionManager\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundExecutionManager\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundExecutionManager\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundExecutionManager\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE\\Diagnosis",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\OLE",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\MaxSxSHashCount",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager\\ActivateOnHostFlags",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{E1CDD77A-65D3-4DB0-B339-21F6A48CC2FF}",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{E1CDD77A-65D3-4db0-B339-21F6A48CC2FF}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{E1CDD77A-65D3-4db0-B339-21F6A48CC2FF}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{E1CDD77A-65D3-4db0-B339-21F6A48CC2FF}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{00000035-0000-0000-C000-000000000046}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000035-0000-0000-C000-000000000046}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000035-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{428D4DDD-3462-43DF-9395-1EFF13AE7A4B}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{428D4DDD-3462-43DF-9395-1EFF13AE7A4B}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{428D4DDD-3462-43DF-9395-1EFF13AE7A4B}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{B03C2205-F02E-4D77-80DF-E1747AFDD39C}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\InprocServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\InprocServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\InprocServer32\\ThreadingModel",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\InprocHandler32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\InprocHandler32",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\LocalServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\AppID",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\LocalServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\LocalServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\Elevation",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{50AC103F-D235-4598-BBEF-98FE4D1A3AD4}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{50ac103f-d235-4598-bbef-98fe4d1a3ad4}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{50ac103f-d235-4598-bbef-98fe4d1a3ad4}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6DB7CD52-E3B7-4ECC-BB1F-388AEEF6BB50}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\InProcServer32\\ThreadingModel",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\InprocHandler32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\InprocHandler32",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\InprocHandler",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\InProcServer32\\InprocServer32",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\InProcServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\LocalServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\AppID",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\LocalServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\LocalServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\Elevation",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{3BC3D253-2F31-4092-9129-8AD5ABF067DA}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{3bc3d253-2f31-4092-9129-8ad5abf067da}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{3bc3d253-2f31-4092-9129-8ad5abf067da}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\PolicyType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\RegKeyPathRedirect",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\grouppolicyname",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\grouppolicypath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\grouppolicyismultisz",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\grouppolicymultiszSeparatorChar",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\ADMXMetadataUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\ADMXMetadataBoth",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\30Value",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\Value",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PolicyManager\\current\\Device\\Privacy",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\PolicyType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\Behavior",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\MergeAlgorithm",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\RegKeyPathRedirectMapped",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\RegKeyPathRedirect",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\grouppolicyname",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\grouppolicypath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\grouppolicyismultisz",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\grouppolicymultiszSeparatorChar",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\ADMXMetadataUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\ADMXMetadataDevice",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\ADMXMetadataBoth",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\30Value",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\Value",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{0c9281f9-6da1-4006-8729-de6e6b61581c}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\PolicyType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0c9281f9-6da1-4006-8729-de6e6b61581c}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\Behavior",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\MergeAlgorithm",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\RegKeyPathRedirectMapped",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\RegKeyPathRedirect",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\grouppolicyname",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0c9281f9-6da1-4006-8729-de6e6b61581c}\\InprocServer32",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{0c9281f9-6da1-4006-8729-de6e6b61581c}\\InprocHandler32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\grouppolicymultiszSeparatorChar",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{0c9281f9-6da1-4006-8729-de6e6b61581c}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\ADMXMetadataUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\ADMXMetadataDevice",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\ADMXMetadataBoth",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\PolicyType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\Behavior",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\MergeAlgorithm",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\RegKeyPathRedirectMapped",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\RegKeyPathRedirect",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\grouppolicyname",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\grouppolicypath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{DF8E9480-CA73-448E-B8F0-DA000F581428}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\grouppolicymultiszSeparatorChar",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\ADMXMetadataUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\ADMXMetadataDevice",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\ADMXMetadataBoth",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\30Value",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.User\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.User\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.User\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.User\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.User\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.User\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.User\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.User\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.User\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExePath",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\CommandLine",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\IdentityType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ActivatableClasses",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\AppId",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Identity",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServiceName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExplicitPsmActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\LocalServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\AppID",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\LocalServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\LocalServer",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\Elevation",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{84103CCB-2FD7-4D6C-962E-5D8582B4C720}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{84103ccb-2fd7-4d6c-962e-5d8582b4c720}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\ThreadingModel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\AppID",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{DCAEE35A-508D-4419-9E56-50D658C2C812}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{DCAEE35A-508D-4419-9E56-50D658C2C812}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{DCAEE35A-508D-4419-9E56-50D658C2C812}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{5232F8EA-49C7-4840-BFBB-66E785689E88}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{5232f8ea-49c7-4840-bfbb-66e785689e88}\\ProxyStubClsid32",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{5232f8ea-49c7-4840-bfbb-66e785689e88}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{5232f8ea-49c7-4840-bfbb-66e785689e88}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{926516E8-D891-45BC-9DE5-6959FB8ECAC5}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivateOnHostFlags",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{A819F3DE-60AA-5159-8407-F0A7FB1F6832}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{a819f3de-60aa-5159-8407-f0a7fb1f6832}\\ProxyStubClsid32",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{0450CE77-AF0D-40AC-93FD-1E5D48C89419}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{0450ce77-af0d-40ac-93fd-1e5d48c89419}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{195F5943-0C04-4EAB-B907-735817FDAC77}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{195f5943-0c04-4eab-b907-735817fdac77}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{195f5943-0c04-4eab-b907-735817fdac77}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\msasn1",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{D6F5F569-D40D-407C-8989-88CAB42CFD14}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{D6F5F569-D40D-407C-8989-88CAB42CFD14}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{D6F5F569-D40D-407C-8989-88CAB42CFD14}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{79AB57F6-43FE-487B-8A7F-99567200AE94}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{79ab57f6-43fe-487b-8a7f-99567200ae94}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{79ab57f6-43fe-487b-8a7f-99567200ae94}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{679C64B7-81AB-42C2-8819-C958767753F4}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{679C64B7-81AB-42C2-8819-C958767753F4}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{679C64B7-81AB-42C2-8819-C958767753F4}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SecurityManager\\CapAuthz",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SecurityManager\\CapAuthz\\HasRepaired",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SecurityManager\\CapAuthz\\HasRepaired\\VolatileChildTest",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SecurityManager\\CapDBRedirect",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SecurityManager\\CapAuthz\\ApplicationsEx\\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\CapAuthz\\ApplicationsEx\\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\\AppPackageType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\CapAuthz\\ApplicationsEx\\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\\PackageSid",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\CapAuthz\\ApplicationsEx\\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\\CapSids",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\CapAuthz\\ApplicationsEx\\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\\ApplicationFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\Behavior",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\MergeAlgorithm",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\RegKeyPathRedirectMapped",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\ADMXMetadataDevice",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\grouppolicypath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\grouppolicyismultisz",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\30Value",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\Value",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\grouppolicyismultisz",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\Value",
        "HKEY_LOCAL_MACHINE",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Appx",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{F655B052-348B-4AB0-947B-A7DAFA44D404}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{F655B052-348B-4AB0-947B-A7DAFA44D404}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{F655B052-348B-4AB0-947B-A7DAFA44D404}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{58058629-16A1-438A-90C8-7E954B3734B1}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{58058629-16A1-438A-90C8-7E954B3734B1}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{58058629-16A1-438A-90C8-7E954B3734B1}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{23EB7394-4610-4807-BAEC-9A72F86FFA0B}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{23EB7394-4610-4807-BAEC-9A72F86FFA0B}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{23EB7394-4610-4807-BAEC-9A72F86FFA0B}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{2A1821FE-179D-49BC-B79D-A527920D3665}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{2A1821FE-179D-49BC-B79D-A527920D3665}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{2A1821FE-179D-49BC-B79D-A527920D3665}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.LimitedAccessFeatures",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.LimitedAccessFeatures\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.LimitedAccessFeatures\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.LimitedAccessFeatures\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.LimitedAccessFeatures\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.LimitedAccessFeatures\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.LimitedAccessFeatures\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.LimitedAccessFeatures\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.LimitedAccessFeatures\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.LimitedAccessFeatures\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.LimitedAccessFeatures\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.LimitedAccessFeatures\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.LimitedAccessFeatures\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\LimitedAccessFeatures",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{C5543B33-5C73-4DC5-9211-24077D3B06C5}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\LimitedAccessFeatures\\com.microsoft.windows.taskbar.requestPinSecondaryTile\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{C5543B33-5C73-4DC5-9211-24077D3B06C5}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{C5543B33-5C73-4DC5-9211-24077D3B06C5}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.CryptographicBuffer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.CryptographicBuffer\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.CryptographicBuffer\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.CryptographicBuffer\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.CryptographicBuffer\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.CryptographicBuffer\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.CryptographicBuffer\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.CryptographicBuffer\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.CryptographicBuffer\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.CryptographicBuffer\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.CryptographicBuffer\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.CryptographicBuffer\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.CryptographicBuffer\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmNames",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmNames\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmNames\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmNames\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmNames\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmNames\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmNames\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmNames\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmNames\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmNames\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmNames\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmNames\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmNames\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmProvider",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmProvider\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmProvider\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmProvider\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmProvider\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmProvider\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmProvider\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmProvider\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmProvider\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmProvider\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmProvider\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmProvider\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmProvider\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\LimitedAccessFeatures\\com.microsoft.windows.taskbar.requestPinSecondaryTile\\Expiration",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\XAML",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\XAML\\OneCoreTransformsEnabledByDefault",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.SecondaryTile",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.SecondaryTile\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.SecondaryTile\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.SecondaryTile\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.SecondaryTile\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.SecondaryTile\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.SecondaryTile\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.SecondaryTile\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.SecondaryTile\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.SecondaryTile\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.SecondaryTile\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.SecondaryTile\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.SecondaryTile\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.SecondaryTileStore",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.SecondaryTileStore\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.SecondaryTileStore\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.SecondaryTileStore\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.SecondaryTileStore\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.SecondaryTileStore\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.SecondaryTileStore\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.SecondaryTileStore\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.SecondaryTileStore\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.SecondaryTileStore\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.SecondaryTileStore\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.SecondaryTileStore\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.SecondaryTileStore\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\UserManager",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\UserManager\\ExePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\UserManager\\CommandLine",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\UserManager\\IdentityType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\UserManager\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\UserManager\\ServerType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\UserManager\\AppId",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\UserManager\\Identity",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\UserManager\\ServiceName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\UserManager\\ExplicitPsmActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\UserManager\\CustomAttributes",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{350E1244-4575-45EE-8595-0AA8C6506FC7}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{350E1244-4575-45EE-8595-0AA8C6506FC7}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{350E1244-4575-45EE-8595-0AA8C6506FC7}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{01CF8BD4-E3D6-413D-8339-36D46E78D12C}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{01CF8BD4-E3D6-413D-8339-36D46E78D12C}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{01CF8BD4-E3D6-413D-8339-36D46E78D12C}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{252E7F79-ACFA-4EA2-9A7E-FA27A8A4D3D9}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{252E7F79-ACFA-4EA2-9A7E-FA27A8A4D3D9}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{252E7F79-ACFA-4EA2-9A7E-FA27A8A4D3D9}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InProcServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InProcServer32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InprocHandler32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InprocHandler32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InprocHandler",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InProcServer32\\ThreadingModel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\AppID",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\LocalServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\LocalServer",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\Elevation",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{100EB64B-B24C-4C38-8964-720D926D05A4}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{100EB64B-B24C-4C38-8964-720D926D05A4}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{100EB64B-B24C-4C38-8964-720D926D05A4}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\Interface\\{DF9A26C6-E746-4BCD-B5D4-120103C4209B}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{DF9A26C6-E746-4BCD-B5D4-120103C4209B}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{DF9A26C6-E746-4BCD-B5D4-120103C4209B}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{b3f72108-5c5c-469b-a5e5-3f64d2a39b01}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Application\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Application\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Application\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Application\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Application\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Application\\ActivateOnHostFlags",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{D81E96F1-A89C-417E-9335-59531026309D}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{d81e96f1-a89c-417e-9335-59531026309d}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{d81e96f1-a89c-417e-9335-59531026309d}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{3BED20A5-6DEE-4297-B976-3B30DF69A7AA}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{3bed20a5-6dee-4297-b976-3b30df69a7aa}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{3bed20a5-6dee-4297-b976-3b30df69a7aa}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataReader",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataReader\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataReader\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataReader\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataReader\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataReader\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataReader\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataReader\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataReader\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataReader\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataReader\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataReader\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataReader\\ActivateOnHostFlags",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{7F290DA0-75E3-5885-898D-1F5B1ED47ED2}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{7f290da0-75e3-5885-898d-1f5b1ed47ed2}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{7f290da0-75e3-5885-898d-1f5b1ed47ed2}\\ProxyStubClsid32",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{9ED07B24-36FD-543B-948E-B01FE5814B49}",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{9ed07b24-36fd-543b-948e-b01fe5814b49}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{9ed07b24-36fd-543b-948e-b01fe5814b49}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{9ed07b24-36fd-543b-948e-b01fe5814b49}\\ProxyStubClsid32",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{EFE869FC-5841-55F1-AA56-82C7219AAA09}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{efe869fc-5841-55f1-aa56-82c7219aaa09}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{efe869fc-5841-55f1-aa56-82c7219aaa09}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{2C08602F-40B1-5E97-AE21-5C04D7FB829C}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{2C08602F-40B1-5E97-AE21-5C04D7FB829C}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{2C08602F-40B1-5E97-AE21-5C04D7FB829C}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{62AE0FDA-B238-554F-A275-1DC16D6CA03A}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{62AE0FDA-B238-554F-A275-1DC16D6CA03A}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{62AE0FDA-B238-554F-A275-1DC16D6CA03A}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{8445D2AE-DD03-5B98-95E4-82B43A3F0D64}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{8445D2AE-DD03-5B98-95E4-82B43A3F0D64}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{8445D2AE-DD03-5B98-95E4-82B43A3F0D64}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{9BCB843B-221B-5FBE-9B20-7028BC4E8653}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{9BCB843B-221B-5FBE-9B20-7028BC4E8653}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{9BCB843B-221B-5FBE-9B20-7028BC4E8653}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Shell.TaskbarManager",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Shell.TaskbarManager\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Shell.TaskbarManager\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Shell.TaskbarManager\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Shell.TaskbarManager\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Shell.TaskbarManager\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Shell.TaskbarManager\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Shell.TaskbarManager\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Shell.TaskbarManager\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Shell.TaskbarManager\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Shell.TaskbarManager\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Shell.TaskbarManager\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Shell.TaskbarManager\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.TaskbarPinnableSurface",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\\ActivateOnHostFlags",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{7E470A8A-3ACD-5913-AF64-4AB78355BE5F}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{7E470A8A-3ACD-5913-AF64-4AB78355BE5F}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{7E470A8A-3ACD-5913-AF64-4AB78355BE5F}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\InProcServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\InProcServer32\\ThreadingModel",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\InprocHandler32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\InprocHandler32",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\LocalServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\AppID",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\LocalServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\LocalServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\Elevation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.StartScreenManager",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.StartScreenManager\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.StartScreenManager\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.StartScreenManager\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.StartScreenManager\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.StartScreenManager\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.StartScreenManager\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.StartScreenManager\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.StartScreenManager\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.StartScreenManager\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.StartScreenManager\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.StartScreenManager\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.StartScreenManager\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User\\ActivateOnHostFlags",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{155EB23B-242A-45E0-A2E9-3171FC6A7FDD}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{155EB23B-242A-45E0-A2E9-3171FC6A7FDD}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{155EB23B-242A-45E0-A2E9-3171FC6A7FDD}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{E44EA1DF-BB85-5A8C-BDDC-C8E960C355C9}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{e44ea1df-bb85-5a8c-bddc-c8e960c355c9}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{e44ea1df-bb85-5a8c-bddc-c8e960c355c9}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{8CBD762A-1222-5EE5-B745-489E7A42C6EC}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{8cbd762a-1222-5ee5-b745-489e7a42c6ec}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{8cbd762a-1222-5ee5-b745-489e7a42c6ec}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.TileStore",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.TileStore\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.TileStore\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.TileStore\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.TileStore\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.TileStore\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.TileStore\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.TileStore\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.TileStore\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.TileStore\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.TileStore\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.TileStore\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.TileStore\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.TileView",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.TileView\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.TileView\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.TileView\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.TileView\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.TileView\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.TileView\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.TileView\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.TileView\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.TileView\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.TileView\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.TileView\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.TileView\\ActivateOnHostFlags",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{6D3BC882-23A4-4706-B8FA-FC7DE2FC325D}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{6d3bc882-23a4-4706-b8fa-fc7de2fc325d}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{6d3bc882-23a4-4706-b8fa-fc7de2fc325d}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\PinnableSurfaces",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\PinnableSurfaces\\DefaultStart",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.StartPinnableSurface",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.StartPinnableSurface\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.StartPinnableSurface\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.StartPinnableSurface\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.StartPinnableSurface\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.StartPinnableSurface\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.StartPinnableSurface\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.StartPinnableSurface\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.StartPinnableSurface\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.StartPinnableSurface\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.StartPinnableSurface\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.StartPinnableSurface\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.StartPinnableSurface\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SecurityManager\\AdminCapabilities",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\AdminCapabilities\\shellExperience",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivateOnHostFlags",
        "HKEY_USERS",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\SystemAppData\\Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe\\PSR",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\SystemAppData\\Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe\\PSR\\WnfStateName",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3968686040-3210279463-847977608-1001",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3968686040-3210279463-847977608-1001\\ProfileImagePath",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesMyComputer",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesRecycleBin",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoControlPanel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSetFolders",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Applications\\identity_helper.exe",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoCommonGroups",
        "HKEY_CLASSES_ROOT\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\FolderValueFlags",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\ValidateRegItems",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\MonitorRegistry",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager",
        "HKEY_CLASSES_ROOT\\Directory",
        "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\ShellEx\\LibraryDescriptionHandler",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory\\ShellEx\\LibraryDescriptionHandler",
        "HKEY_CLASSES_ROOT\\Folder",
        "HKEY_CURRENT_USER\\Software\\Classes\\Folder\\ShellEx\\LibraryDescriptionHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\ShellEx\\LibraryDescriptionHandler",
        "HKEY_CLASSES_ROOT\\AllFilesystemObjects",
        "HKEY_CURRENT_USER\\Software\\Classes\\AllFilesystemObjects\\ShellEx\\LibraryDescriptionHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\ShellEx\\LibraryDescriptionHandler",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{AB310581-AC80-11D1-8DF3-00C04FB6EF50}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AB310581-AC80-11D1-8DF3-00C04FB6EF50}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AB310581-AC80-11D1-8DF3-00C04FB6EF50}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{AB310581-AC80-11D1-8DF3-00C04FB6EF55}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AB310581-AC80-11D1-8DF3-00C04FB6EF55}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AB310581-AC80-11D1-8DF3-00C04FB6EF55}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-300300000000}\\",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-300300000000}\\Data",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-300300000000}\\Generation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DontShowSuperHidden",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellState",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoWebView",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ClassicShell",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\SeparateProcess",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNetCrawling",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-100000000000}\\Data",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-100000000000}\\",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-100000000000}\\Generation",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\DontPrettyPath",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowInfoTip",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideIcons",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-c0dd0e000000}\\",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\MapNetDrvBtn",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-c0dd0e000000}\\Data",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\WebView",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Filter",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-c0dd0e000000}\\Generation",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowSuperHidden",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\SeparateProcess",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e32a94c0-5af2-11f1-ae2c-806e6f6e6963}\\",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e32a94c0-5af2-11f1-ae2c-806e6f6e6963}\\Data",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\IconsOnly",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowTypeOverlay",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e32a94c0-5af2-11f1-ae2c-806e6f6e6963}\\Generation",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowStatusBar",
        "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\ShellEx\\IconHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\ShellEx\\IconHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\ShellEx\\IconHandler",
        "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\DocObject",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject",
        "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\BrowseInPlace",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace",
        "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\Clsid",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\Clsid",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\Clsid",
        "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\IsShortcut",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\IsShortcut",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\IsShortcut",
        "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\AlwaysShowExt",
        "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\NeverShowExt",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\NeverShowExt",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\NeverShowExt",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Start Menu",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Common Start Menu",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Recent",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Personal",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\PropertyBag",
        "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\ShellEx\\PropertyHandler",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory\\ShellEx\\PropertyHandler",
        "HKEY_CURRENT_USER\\Software\\Classes\\Folder\\ShellEx\\PropertyHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\ShellEx\\PropertyHandler",
        "HKEY_CURRENT_USER\\Software\\Classes\\AllFilesystemObjects\\ShellEx\\PropertyHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\ShellEx\\PropertyHandler",
        "HKEY_CLASSES_ROOT\\Drive\\shellex\\FolderExtensions",
        "HKEY_CLASSES_ROOT\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\DriveMask",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\TaskManager",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\TaskManager\\StartUpTab",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\TaskManager",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\DirectUI\\DynamicScaling",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\DirectUI",
        "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled",
        "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\TaskManager\\Preferences",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\TaskManager\\UseStatusSetting",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0\\Disable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0\\DataFilePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane1",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane2",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane3",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane4",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane5",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane6",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane7",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane8",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane9",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane10",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane11",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane12",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane13",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane14",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane15",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane16",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Segoe UI",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\Compatibility\\taskmgr.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE\\LaunchUserOOBE",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\Compatibility\\AppCompatClassName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\EnableAnchorContext",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\IsVailContainer",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Input",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Input\\ResyncResetTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Input\\MaxResyncAttempts",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\QfePolicyDefinitions\\{A48F1A32-A340-11D1-BC6B-00A0C90312E1}\\{572FD217-F7FF-479C-8D96-BC938D6867F5}",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\PolicyType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\Behavior",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\MergeAlgorithm",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\RegKeyPathRedirectMapped",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\RegKeyPathRedirect",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\RegValueNameRedirect",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\grouppolicyname",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\ADMXMetadataUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\ADMXMetadataDevice",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\ADMXMetadataBoth",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\30Value",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\Value",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\HideFastUserSwitching",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.UX.UXManager",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.UX.UXManager\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.UX.UXManager\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.UX.UXManager\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.UX.UXManager\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.UX.UXManager\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.UX.UXManager\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.UX.UXManager\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.UX.UXManager\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.UX.UXManager\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.UX.UXManager\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.UX.UXManager\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.UX.UXManager\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\NetworkUXManager",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.DAMediaManager",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.DAMediaManager\\Active",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.DAMediaManager\\MediaType",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.EthernetMediaManager",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.EthernetMediaManager\\Active",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.EthernetMediaManager\\MediaType",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.MBMediaManager",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.MBMediaManager\\Active",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.MBMediaManager\\MediaType",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.RasMediaManager",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.RasMediaManager\\Active",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.RasMediaManager\\MediaType",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.WlanMediaManager",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.WlanMediaManager\\Active",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.WlanMediaManager\\MediaType",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Accent",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\Personalization",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Segoe UI",
        "HKEY_CURRENT_USER\\Control Panel\\Desktop",
        "HKEY_CURRENT_USER\\Control Panel\\Desktop\\SmoothScroll",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\EnableBalloonTips",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ListviewAlphaSelect",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ListviewShadow",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\AccListViewV6",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\UseDoubleClickTimer",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\Explorer",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Explorer",
        "HKEY_CLASSES_ROOT\\CLSID\\{7ED96837-96F0-4812-B211-F13C24117ED3}\\Instance",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7ED96837-96F0-4812-B211-F13C24117ED3}\\Instance\\{41945702-8302-44A6-9445-AC98E8AFA086}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7ED96837-96F0-4812-B211-F13C24117ED3}\\Instance\\{41945702-8302-44A6-9445-AC98E8AFA086}\\CLSID",
        "HKEY_CLASSES_ROOT\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Author",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\FriendlyName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Version",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\SpecVersion",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Vendor",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\InProcServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\InprocServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\ContainerFormat",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\DeviceManufacturer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\DeviceModels",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\ColorManagementVersion",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\MimeTypes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\FileExtensions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\SupportAnimation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\SupportChromakey",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\SupportLossless",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\SupportMultiframe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\ArbitrationPriority",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Formats",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7ED96837-96F0-4812-B211-F13C24117ED3}\\Instance\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7ED96837-96F0-4812-B211-F13C24117ED3}\\Instance\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\CLSID",
        "HKEY_CLASSES_ROOT\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Author",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\FriendlyName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Version",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\SpecVersion",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Vendor",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\InProcServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\InprocServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\ContainerFormat",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\DeviceManufacturer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\DeviceModels",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\ColorManagementVersion",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\MimeTypes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\FileExtensions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\SupportAnimation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\SupportChromakey",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\SupportLossless",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\SupportMultiframe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\ArbitrationPriority",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Formats",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9\\Mask",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\AccountPicture\\Users",
        "HKEY_CLASSES_ROOT\\Interface\\{618736E0-3C3D-11CF-810C-00AA00389B71}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{618736E0-3C3D-11CF-810C-00AA00389B71}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Segoe MDL2 Assets",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{26460E96-1D01-43E4-9FB8-B7ED958F362B}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{26460E96-1D01-43E4-9FB8-B7ED958F362B}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{26460E96-1D01-43E4-9FB8-B7ED958F362B}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ProgramFilesDir (x86)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444B-8957-A3773F02200E}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ProgramFilesDir",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run32",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\StartupFolder",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\StartupFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Startup",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Common Startup",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\SecurityHealth",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run\\SecurityHealth",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Max Cached Icons",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Icons",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\GlobalAssocChangedCounter",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\GlobalAssocChangedCounter",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\UseDefaultTile",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\AccountPicture\\Users\\S-1-5-21-3968686040-3210279463-847977608-1001",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Scaling",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{D782CCBA-AFB0-43F1-94DB-FDA3779EACCB}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{D782CCBA-AFB0-43F1-94DB-FDA3779EACCB}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{D782CCBA-AFB0-43F1-94DB-FDA3779EACCB}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ThumbnailCache",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\CAPEAgent",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run\\CAPEAgent",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Applications\\taskmgr.exe",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowCompColor",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideFileExt",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\NoNetCrawling",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\AutoCheckSelect",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap\\.exe",
        "HKEY_CLASSES_ROOT\\.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.exe\\Content Type",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\AllowFileCLSIDJunctions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.exe\\(Default)",
        "HKEY_CLASSES_ROOT\\exefile",
        "HKEY_CURRENT_USER\\Software\\Classes\\exefile\\CurVer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\CurVer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\ShellEx\\IconHandler",
        "HKEY_CLASSES_ROOT\\SystemFileAssociations\\.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\ShellEx\\IconHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\DocObject",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\DocObject",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\BrowseInPlace",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\BrowseInPlace",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\Clsid",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\Clsid",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\IsShortcut",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\IsShortcut",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\AlwaysShowExt",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\AlwaysShowExt",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\NeverShowExt",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\NeverShowExt",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\SafeProcessSearchMode",
        "HKEY_CURRENT_USER\\Software\\Classes\\DelegateFolders",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders\\",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\Desktop\\NameSpace",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\Desktop\\NameSpace\\DelegateFolders",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders\\StorageDelegateSuppressionPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders\\StorageDelegate",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run\\OneDrive",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Discord",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run\\Discord",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Steam",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run\\Steam",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\MicrosoftEdgeAutoLaunch_29EBC4579851B72EE312C449CF839B1A",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run\\MicrosoftEdgeAutoLaunch_29EBC4579851B72EE312C449CF839B1A",
        "HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Internal.StartupTaskInternal",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Internal.StartupTaskInternal\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Internal.StartupTaskInternal\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Internal.StartupTaskInternal\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Internal.StartupTaskInternal\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Internal.StartupTaskInternal\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Internal.StartupTaskInternal\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Internal.StartupTaskInternal\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Internal.StartupTaskInternal\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Internal.StartupTaskInternal\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Internal.StartupTaskInternal\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Internal.StartupTaskInternal\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Internal.StartupTaskInternal\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\AdminCapabilities\\automatedAppLaunch",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.ApplicationExtension",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.ApplicationExtension\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.ApplicationExtension\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.ApplicationExtension\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.ApplicationExtension\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.ApplicationExtension\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.ApplicationExtension\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.ApplicationExtension\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.ApplicationExtension\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.ApplicationExtension\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.ApplicationExtension\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.ApplicationExtension\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.ApplicationExtension\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServerType",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{B94B62A2-4012-4B7E-A395-F21CC665FD12}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{b94b62a2-4012-4b7e-a395-f21cc665fd12}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{b94b62a2-4012-4b7e-a395-f21cc665fd12}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\Elevation",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{6CB10ED7-4BCA-5561-B2E1-40E1197C1B0C}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{6cb10ed7-4bca-5561-b2e1-40e1197c1b0c}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{6cb10ed7-4bca-5561-b2e1-40e1197c1b0c}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{0450ce77-af0d-40ac-93fd-1e5d48c89419}\\ProxyStubClsid32"
      ],
      "read_keys": [
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\\channel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\EdgeUpdate\\ClientState\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\\ap",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\EdgeUpdate\\ClientState\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\\cohort\\name",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-AU",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-AU",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions\\000603xx",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\en-AU",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\en",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\OEM\\DeviceForm",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize\\AppsUseLightTheme",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\UBR",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\DisplayVersion",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3\\Com+Enabled",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundExecutionManager\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundExecutionManager\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundExecutionManager\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundExecutionManager\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundExecutionManager\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundExecutionManager\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundExecutionManager\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundExecutionManager\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundExecutionManager\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundExecutionManager\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundExecutionManager\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\MaxSxSHashCount",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{E1CDD77A-65D3-4db0-B339-21F6A48CC2FF}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000035-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{428D4DDD-3462-43DF-9395-1EFF13AE7A4B}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\InprocServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\InprocServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\InprocServer32\\ThreadingModel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\AppID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{50ac103f-d235-4598-bbef-98fe4d1a3ad4}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\InProcServer32\\ThreadingModel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\InProcServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\AppID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{3bc3d253-2f31-4092-9129-8ad5abf067da}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\PolicyType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\RegKeyPathRedirect",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\grouppolicyname",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\grouppolicypath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\grouppolicyismultisz",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\grouppolicymultiszSeparatorChar",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\ADMXMetadataUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\ADMXMetadataBoth",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\30Value",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\Value",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\PolicyType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\Behavior",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\MergeAlgorithm",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\RegKeyPathRedirectMapped",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\RegKeyPathRedirect",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\grouppolicyname",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\grouppolicypath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\grouppolicyismultisz",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\grouppolicymultiszSeparatorChar",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\ADMXMetadataUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\ADMXMetadataDevice",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\ADMXMetadataBoth",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\30Value",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\Value",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\PolicyType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\Behavior",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\MergeAlgorithm",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\RegKeyPathRedirectMapped",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\RegKeyPathRedirect",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\grouppolicyname",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\grouppolicymultiszSeparatorChar",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\ADMXMetadataUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\ADMXMetadataDevice",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\ADMXMetadataBoth",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\PolicyType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\Behavior",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\MergeAlgorithm",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\RegKeyPathRedirectMapped",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\RegKeyPathRedirect",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\grouppolicyname",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\grouppolicypath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{DF8E9480-CA73-448E-B8F0-DA000F581428}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\grouppolicymultiszSeparatorChar",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\ADMXMetadataUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\ADMXMetadataDevice",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\ADMXMetadataBoth",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\30Value",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.User\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.User\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.User\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.User\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.User\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.User\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.User\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.User\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\CommandLine",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\IdentityType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ActivatableClasses",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\AppId",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Identity",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServiceName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExplicitPsmActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\AppID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{84103ccb-2fd7-4d6c-962e-5d8582b4c720}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\ThreadingModel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\AppID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{DCAEE35A-508D-4419-9E56-50D658C2C812}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{5232f8ea-49c7-4840-bfbb-66e785689e88}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{0450ce77-af0d-40ac-93fd-1e5d48c89419}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{195f5943-0c04-4eab-b907-735817fdac77}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{D6F5F569-D40D-407C-8989-88CAB42CFD14}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{79ab57f6-43fe-487b-8a7f-99567200ae94}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{679C64B7-81AB-42C2-8819-C958767753F4}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\CapAuthz\\ApplicationsEx\\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\\AppPackageType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\CapAuthz\\ApplicationsEx\\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\\PackageSid",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\CapAuthz\\ApplicationsEx\\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\\CapSids",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\CapAuthz\\ApplicationsEx\\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\\ApplicationFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\Behavior",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\MergeAlgorithm",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\RegKeyPathRedirectMapped",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\ADMXMetadataDevice",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\grouppolicypath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\grouppolicyismultisz",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\30Value",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\Value",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\grouppolicyismultisz",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\Value",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{F655B052-348B-4AB0-947B-A7DAFA44D404}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{58058629-16A1-438A-90C8-7E954B3734B1}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{23EB7394-4610-4807-BAEC-9A72F86FFA0B}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{2A1821FE-179D-49BC-B79D-A527920D3665}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.LimitedAccessFeatures\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.LimitedAccessFeatures\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.LimitedAccessFeatures\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.LimitedAccessFeatures\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.LimitedAccessFeatures\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.LimitedAccessFeatures\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.LimitedAccessFeatures\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.LimitedAccessFeatures\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.LimitedAccessFeatures\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.LimitedAccessFeatures\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.LimitedAccessFeatures\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\LimitedAccessFeatures\\com.microsoft.windows.taskbar.requestPinSecondaryTile\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{C5543B33-5C73-4DC5-9211-24077D3B06C5}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.CryptographicBuffer\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.CryptographicBuffer\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.CryptographicBuffer\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.CryptographicBuffer\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.CryptographicBuffer\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.CryptographicBuffer\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.CryptographicBuffer\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.CryptographicBuffer\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.CryptographicBuffer\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.CryptographicBuffer\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.CryptographicBuffer\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmNames\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmNames\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmNames\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmNames\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmNames\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmNames\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmNames\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmNames\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmNames\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmNames\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmNames\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmProvider\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmProvider\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmProvider\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmProvider\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmProvider\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmProvider\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmProvider\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmProvider\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmProvider\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmProvider\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmProvider\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\LimitedAccessFeatures\\com.microsoft.windows.taskbar.requestPinSecondaryTile\\Expiration",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\XAML\\OneCoreTransformsEnabledByDefault",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.SecondaryTile\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.SecondaryTile\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.SecondaryTile\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.SecondaryTile\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.SecondaryTile\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.SecondaryTile\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.SecondaryTile\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.SecondaryTile\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.SecondaryTile\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.SecondaryTile\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.SecondaryTile\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.SecondaryTileStore\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.SecondaryTileStore\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.SecondaryTileStore\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.SecondaryTileStore\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.SecondaryTileStore\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.SecondaryTileStore\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.SecondaryTileStore\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.SecondaryTileStore\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.SecondaryTileStore\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.SecondaryTileStore\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.SecondaryTileStore\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\UserManager\\ExePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\UserManager\\CommandLine",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\UserManager\\IdentityType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\UserManager\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\UserManager\\ServerType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\UserManager\\AppId",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\UserManager\\Identity",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\UserManager\\ServiceName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\UserManager\\ExplicitPsmActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{350E1244-4575-45EE-8595-0AA8C6506FC7}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{01CF8BD4-E3D6-413D-8339-36D46E78D12C}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{252E7F79-ACFA-4EA2-9A7E-FA27A8A4D3D9}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InProcServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InProcServer32\\ThreadingModel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\AppID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{100EB64B-B24C-4C38-8964-720D926D05A4}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{DF9A26C6-E746-4BCD-B5D4-120103C4209B}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{b3f72108-5c5c-469b-a5e5-3f64d2a39b01}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Application\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Application\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Application\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Application\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Application\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Application\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{d81e96f1-a89c-417e-9335-59531026309d}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{3bed20a5-6dee-4297-b976-3b30df69a7aa}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataReader\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataReader\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataReader\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataReader\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataReader\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataReader\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataReader\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataReader\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataReader\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataReader\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataReader\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{7f290da0-75e3-5885-898d-1f5b1ed47ed2}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{9ed07b24-36fd-543b-948e-b01fe5814b49}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{efe869fc-5841-55f1-aa56-82c7219aaa09}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{2C08602F-40B1-5E97-AE21-5C04D7FB829C}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{62AE0FDA-B238-554F-A275-1DC16D6CA03A}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{8445D2AE-DD03-5B98-95E4-82B43A3F0D64}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{9BCB843B-221B-5FBE-9B20-7028BC4E8653}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Shell.TaskbarManager\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Shell.TaskbarManager\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Shell.TaskbarManager\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Shell.TaskbarManager\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Shell.TaskbarManager\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Shell.TaskbarManager\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Shell.TaskbarManager\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Shell.TaskbarManager\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Shell.TaskbarManager\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Shell.TaskbarManager\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Shell.TaskbarManager\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{7E470A8A-3ACD-5913-AF64-4AB78355BE5F}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\InProcServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\InProcServer32\\ThreadingModel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\AppID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.StartScreenManager\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.StartScreenManager\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.StartScreenManager\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.StartScreenManager\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.StartScreenManager\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.StartScreenManager\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.StartScreenManager\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.StartScreenManager\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.StartScreenManager\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.StartScreenManager\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.StartScreenManager\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{155EB23B-242A-45E0-A2E9-3171FC6A7FDD}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{e44ea1df-bb85-5a8c-bddc-c8e960c355c9}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{8cbd762a-1222-5ee5-b745-489e7a42c6ec}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.TileStore\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.TileStore\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.TileStore\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.TileStore\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.TileStore\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.TileStore\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.TileStore\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.TileStore\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.TileStore\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.TileStore\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.TileStore\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.TileView\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.TileView\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.TileView\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.TileView\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.TileView\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.TileView\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.TileView\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.TileView\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.TileView\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.TileView\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.TileView\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{6d3bc882-23a4-4706-b8fa-fc7de2fc325d}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\PinnableSurfaces\\DefaultStart",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.StartPinnableSurface\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.StartPinnableSurface\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.StartPinnableSurface\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.StartPinnableSurface\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.StartPinnableSurface\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.StartPinnableSurface\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.StartPinnableSurface\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.StartPinnableSurface\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.StartPinnableSurface\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.StartPinnableSurface\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.StartPinnableSurface\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\AdminCapabilities\\shellExperience",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivateOnHostFlags",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\SystemAppData\\Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe\\PSR\\WnfStateName",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3968686040-3210279463-847977608-1001\\ProfileImagePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesMyComputer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesRecycleBin",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoControlPanel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSetFolders",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoCommonGroups",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\FolderValueFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\ValidateRegItems",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\MonitorRegistry",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AB310581-AC80-11D1-8DF3-00C04FB6EF50}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AB310581-AC80-11D1-8DF3-00C04FB6EF55}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-300300000000}\\Data",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-300300000000}\\Generation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DontShowSuperHidden",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellState",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoWebView",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ClassicShell",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\SeparateProcess",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNetCrawling",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-100000000000}\\Data",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-100000000000}\\Generation",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\DontPrettyPath",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowInfoTip",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideIcons",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\MapNetDrvBtn",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-c0dd0e000000}\\Data",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\WebView",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Filter",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-c0dd0e000000}\\Generation",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowSuperHidden",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\SeparateProcess",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e32a94c0-5af2-11f1-ae2c-806e6f6e6963}\\Data",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\IconsOnly",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowTypeOverlay",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e32a94c0-5af2-11f1-ae2c-806e6f6e6963}\\Generation",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowStatusBar",
        "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\DocObject",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject",
        "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\BrowseInPlace",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace",
        "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\IsShortcut",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\IsShortcut",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\IsShortcut",
        "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\AlwaysShowExt",
        "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\NeverShowExt",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\NeverShowExt",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\NeverShowExt",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Start Menu",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Common Start Menu",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Recent",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Personal",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\DriveMask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\TaskManager\\StartUpTab",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\TaskManager\\Preferences",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\TaskManager\\UseStatusSetting",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0\\Disable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0\\DataFilePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane1",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane2",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane3",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane4",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane5",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane6",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane7",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane8",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane9",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane10",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane11",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane12",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane13",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane14",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane15",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane16",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE\\LaunchUserOOBE",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\EnableAnchorContext",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\IsVailContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Input\\ResyncResetTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Input\\MaxResyncAttempts",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\PolicyType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\Behavior",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\MergeAlgorithm",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\RegKeyPathRedirectMapped",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\RegKeyPathRedirect",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\RegValueNameRedirect",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\grouppolicyname",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\ADMXMetadataUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\ADMXMetadataDevice",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\ADMXMetadataBoth",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\30Value",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\Value",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\HideFastUserSwitching",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.UX.UXManager\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.UX.UXManager\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.UX.UXManager\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.UX.UXManager\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.UX.UXManager\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.UX.UXManager\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.UX.UXManager\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.UX.UXManager\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.UX.UXManager\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.UX.UXManager\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.UX.UXManager\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.DAMediaManager\\Active",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.DAMediaManager\\MediaType",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.EthernetMediaManager\\Active",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.EthernetMediaManager\\MediaType",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.MBMediaManager\\Active",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.MBMediaManager\\MediaType",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.RasMediaManager\\Active",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.RasMediaManager\\MediaType",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.WlanMediaManager\\Active",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.WlanMediaManager\\MediaType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Segoe UI",
        "HKEY_CURRENT_USER\\Control Panel\\Desktop\\SmoothScroll",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\EnableBalloonTips",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ListviewAlphaSelect",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ListviewShadow",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\AccListViewV6",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\UseDoubleClickTimer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7ED96837-96F0-4812-B211-F13C24117ED3}\\Instance\\{41945702-8302-44A6-9445-AC98E8AFA086}\\CLSID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Author",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\FriendlyName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Version",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\SpecVersion",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Vendor",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\InprocServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\ContainerFormat",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\DeviceManufacturer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\DeviceModels",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\ColorManagementVersion",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\MimeTypes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\FileExtensions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\SupportAnimation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\SupportChromakey",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\SupportLossless",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\SupportMultiframe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\ArbitrationPriority",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7ED96837-96F0-4812-B211-F13C24117ED3}\\Instance\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\CLSID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Author",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\FriendlyName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Version",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\SpecVersion",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Vendor",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\InprocServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\ContainerFormat",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\DeviceManufacturer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\DeviceModels",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\ColorManagementVersion",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\MimeTypes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\FileExtensions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\SupportAnimation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\SupportChromakey",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\SupportLossless",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\SupportMultiframe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\ArbitrationPriority",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{618736E0-3C3D-11CF-810C-00AA00389B71}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{26460E96-1D01-43E4-9FB8-B7ED958F362B}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ProgramFilesDir (x86)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ProgramFilesDir",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Startup",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Common Startup",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\SecurityHealth",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run\\SecurityHealth",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Max Cached Icons",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\GlobalAssocChangedCounter",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\GlobalAssocChangedCounter",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\UseDefaultTile",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{D782CCBA-AFB0-43F1-94DB-FDA3779EACCB}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\CAPEAgent",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run\\CAPEAgent",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowCompColor",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideFileExt",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\NoNetCrawling",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\AutoCheckSelect",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap\\.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.exe\\Content Type",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\AllowFileCLSIDJunctions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.exe\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\DocObject",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\DocObject",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\BrowseInPlace",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\BrowseInPlace",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\IsShortcut",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\IsShortcut",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\AlwaysShowExt",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\AlwaysShowExt",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\NeverShowExt",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\NeverShowExt",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\SafeProcessSearchMode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders\\StorageDelegateSuppressionPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders\\StorageDelegate",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run\\OneDrive",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Discord",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run\\Discord",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Steam",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run\\Steam",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\MicrosoftEdgeAutoLaunch_29EBC4579851B72EE312C449CF839B1A",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run\\MicrosoftEdgeAutoLaunch_29EBC4579851B72EE312C449CF839B1A",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Internal.StartupTaskInternal\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Internal.StartupTaskInternal\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Internal.StartupTaskInternal\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Internal.StartupTaskInternal\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Internal.StartupTaskInternal\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Internal.StartupTaskInternal\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Internal.StartupTaskInternal\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Internal.StartupTaskInternal\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Internal.StartupTaskInternal\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Internal.StartupTaskInternal\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Internal.StartupTaskInternal\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\AdminCapabilities\\automatedAppLaunch",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.ApplicationExtension\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.ApplicationExtension\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.ApplicationExtension\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.ApplicationExtension\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.ApplicationExtension\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.ApplicationExtension\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.ApplicationExtension\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.ApplicationExtension\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.ApplicationExtension\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.ApplicationExtension\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.ApplicationExtension\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServerType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{b94b62a2-4012-4b7e-a395-f21cc665fd12}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{6cb10ed7-4bca-5561-b2e1-40e1197c1b0c}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\TrustLevel"
      ],
      "write_keys": [],
      "delete_keys": [
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\TaskManager\\Preferences"
      ],
      "executed_commands": [
        "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\"",
        "\"C:\\Windows\\system32\\taskmgr.exe\" /4",
        "%SystemRoot%\\system32\\taskmgr.exe /4",
        "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --type=crashpad-handler \"--user-data-dir=C:\\Users\\admin\\AppData\\Local\\Google\\Chrome\\User Data\" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler \"--database=C:\\Users\\admin\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\" \"--metrics-dir=C:\\Users\\admin\\AppData\\Local\\Google\\Chrome\\User Data\" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=148.0.7778.217 --initial-client-data=0x268,0x26c,0x270,0x24c,0x274,0x7ffc136be9c0,0x7ffc136be9cc,0x7ffc136be9d8",
        "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --metrics-shmem-handle=2124,i,8991922744502408939,12035519159370364964,524288 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708989122997041 --mojo-platform-channel-handle=2168 /prefetch:3",
        "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --type=gpu-process --no-pre-read-main-dll --gpu-preferences=SAAAAAAAAADgAAAEAAAAAAAAAAAAAGAAAQAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAQAAAAAAAAABAAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --metrics-shmem-handle=1760,i,13651363605794111286,5121436129363740046,262144 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708988185955192 --mojo-platform-channel-handle=1980 /prefetch:2",
        "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --metrics-shmem-handle=2364,i,6716272949696715985,16613973558693619772,524288 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708990060038890 --mojo-platform-channel-handle=2408 /prefetch:8",
        "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --time-ticks-at-unix-epoch=-1780003962331981 --launch-time-ticks=539972201 --metrics-shmem-handle=3300,i,6864544789388492662,1904890231814579921,2097152 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708991934122588 --mojo-platform-channel-handle=3416 /prefetch:1",
        "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --time-ticks-at-unix-epoch=-1780003962331981 --launch-time-ticks=539984704 --metrics-shmem-handle=3460,i,18353002224121741580,13093445649205443798,2097152 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708990997080739 --mojo-platform-channel-handle=3508 /prefetch:1",
        "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --extension-process --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --time-ticks-at-unix-epoch=-1780003962331981 --launch-time-ticks=540171200 --metrics-shmem-handle=3860,i,7480903360239469260,9372336423967034872,2097152 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708992871164437 --mojo-platform-channel-handle=3976 /prefetch:2",
        "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --time-ticks-at-unix-epoch=-1780003962331981 --launch-time-ticks=540812348 --metrics-shmem-handle=4244,i,11385932005541265785,1562708900009701974,2097152 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708993808206286 --mojo-platform-channel-handle=4104 /prefetch:1",
        "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --metrics-shmem-handle=5420,i,9293193041365869203,1552283600214825622,524288 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708994745248135 --mojo-platform-channel-handle=5452 /prefetch:8",
        "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --metrics-shmem-handle=5444,i,10078564000181174557,9062345241240227149,524288 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708995682289984 --mojo-platform-channel-handle=5456 /prefetch:8",
        "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --metrics-shmem-handle=5472,i,12896046378289974589,11025856552623480385,524288 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708996619331833 --mojo-platform-channel-handle=5432 /prefetch:8",
        "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.3636 --gpu-preferences=SAAAAAAAAADoAAAEAAAAAAAAAAAAAGAAAQAAAAAAAAAAAAAAAAAAAEIAAAAAAAAAAAAAAAAAAAAQAAAAAAAAABAAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --metrics-shmem-handle=940,i,12374555509904114995,13274239554060129860,262144 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708997556373682 --mojo-platform-channel-handle=5404 /prefetch:8",
        "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=crashpad-handler \"--user-data-dir=C:\\Users\\admin\\AppData\\Local\\Microsoft\\Edge\\User Data\" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler \"--database=C:\\Users\\admin\\AppData\\Local\\Microsoft\\Edge\\User Data\\Crashpad\" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=148.0.7778.180 \"--annotation=exe=C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=148.0.3967.83 --initial-client-data=0x348,0x34c,0x350,0x344,0x358,0x7ffbd24e5d58,0x7ffbd24e5d64,0x7ffbd24e5d70",
        "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --startup-read-main-dll --metrics-shmem-handle=2224,i,3377350390963965430,16709463295489959638,524288 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708989122997041 --mojo-platform-channel-handle=2924 /prefetch:3",
        "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --startup-read-main-dll --metrics-shmem-handle=2632,i,2188067933038035117,14075627089191504876,524288 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708990060038890 --mojo-platform-channel-handle=2932 /prefetch:8",
        "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=gpu-process --gpu-preferences=SAAAAAAAAADgAAAEAAAAAAAAAAAAAGAAAQAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAQAAAAAAAAABAAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --startup-read-main-dll --metrics-shmem-handle=2084,i,6134085735445746800,11295493968892064137,262144 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708988185955192 --mojo-platform-channel-handle=2360 /prefetch:2",
        "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=renderer --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale=en_AU --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --time-ticks-at-unix-epoch=-1780003962331980 --launch-time-ticks=541939531 --ram-no-pressure-read-main-dll --metrics-shmem-handle=3348,i,11950763115237329230,10523231392815793482,2097152 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708991934122588 --mojo-platform-channel-handle=3392 /prefetch:1",
        "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=renderer --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale=en_AU --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --time-ticks-at-unix-epoch=-1780003962331980 --launch-time-ticks=541940694 --skip-read-main-dll --metrics-shmem-handle=3356,i,5647178414097470528,8114435118095730626,2097152 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708990997080739 --mojo-platform-channel-handle=3396 /prefetch:1",
        "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=renderer --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale=en_AU --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --time-ticks-at-unix-epoch=-1780003962331980 --launch-time-ticks=542200817 --skip-read-main-dll --metrics-shmem-handle=4836,i,2071220740876779182,5632563938745608015,2097152 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708992871164437 --mojo-platform-channel-handle=4820 /prefetch:1",
        "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=renderer --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale=en_AU --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --time-ticks-at-unix-epoch=-1780003962331980 --launch-time-ticks=543231074 --skip-read-main-dll --metrics-shmem-handle=4484,i,14410762605053120473,13433378547220591745,2097152 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708993808206286 --mojo-platform-channel-handle=4024 /prefetch:1",
        "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --skip-read-main-dll --metrics-shmem-handle=4492,i,4020092805845306063,10328045033888351831,524288 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708994745248135 --mojo-platform-channel-handle=4476 /prefetch:8",
        "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\identity_helper.exe\" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=windows_package_identity --skip-read-main-dll --metrics-shmem-handle=5004,i,10041185329265187298,11074568154246322711,524288 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708995682289984 --mojo-platform-channel-handle=3944 /prefetch:8",
        "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=renderer --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale=en_AU --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --time-ticks-at-unix-epoch=-1780003962331980 --launch-time-ticks=548257368 --skip-read-main-dll --metrics-shmem-handle=6196,i,5145543345457655702,10314529609131888891,2097152 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708996619331833 --mojo-platform-channel-handle=6160 /prefetch:1",
        "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --skip-read-main-dll --metrics-shmem-handle=1608,i,7042525181872960905,11845032959772828956,524288 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708997556373682 --mojo-platform-channel-handle=6444 /prefetch:8",
        "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=renderer --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale=en_AU --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --time-ticks-at-unix-epoch=-1780003962331980 --launch-time-ticks=578284156 --ram-no-pressure-read-main-dll --metrics-shmem-handle=4840,i,15748124770976359258,15417350930948584221,2097152 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708998493415531 --mojo-platform-channel-handle=3316 /prefetch:1",
        "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --skip-read-main-dll --metrics-shmem-handle=4476,i,7622724040228643054,12288759875611487757,524288 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708999430457380 --mojo-platform-channel-handle=6236 /prefetch:8",
        "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=renderer --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale=en_AU --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --time-ticks-at-unix-epoch=-1780003962331980 --launch-time-ticks=638299828 --ram-no-pressure-read-main-dll --metrics-shmem-handle=4796,i,12195753600292531721,15847398704622992708,2097152 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190709000367499229 --mojo-platform-channel-handle=1396 /prefetch:1",
        "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=renderer --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale=en_AU --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --time-ticks-at-unix-epoch=-1780003962331980 --launch-time-ticks=642079966 --skip-read-main-dll --metrics-shmem-handle=5788,i,4430515866411945987,13768044107232759783,2097152 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190709001304541078 --mojo-platform-channel-handle=5580 /prefetch:1",
        "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --skip-read-main-dll --metrics-shmem-handle=3820,i,17709381801662516536,8945971709259553673,524288 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190709002241582927 --mojo-platform-channel-handle=3372 /prefetch:8",
        "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.3636 --gpu-preferences=SAAAAAAAAADoAAAEAAAAAAAAAAAAAGAAAQAAAAAAAAAAAAAAAAAAAEIAAAAAAAAAAAAAAAAAAAAQAAAAAAAAABAAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --skip-read-main-dll --metrics-shmem-handle=6624,i,1680310522638211945,12008188480887109079,262144 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190709003178624776 --mojo-platform-channel-handle=6648 /prefetch:8",
        "C:\\Windows\\system32\\DllHost.exe /Processid:{7966B4D8-4FDC-4126-A10B-39A3209AD251}"
      ],
      "resolved_apis": [],
      "mutexes": [
        "Local\\SM0:12320:304:WilStaging_02",
        "Local\\SM0:12320:120:WilError_03",
        "Local\\SM0:14276:304:WilStaging_02",
        "Local\\TM.750ce7b0-e5fd-454f-9fad-2f66513dfa1b",
        "Local\\MSCTF.Asm.MutexDefault1",
        "CicLoadWinStaWinSta0",
        "Local\\MSCTF.CtfMonitorInstMutexDefault1",
        "Local\\SM0:14276:120:WilError_03",
        "Local\\SessionImmersiveColorMutex",
        "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwWriterMutex",
        "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_16.db!dfMaintainer",
        "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_32.db!dfMaintainer",
        "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_48.db!dfMaintainer",
        "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_96.db!dfMaintainer",
        "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_256.db!dfMaintainer",
        "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_768.db!dfMaintainer",
        "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_1280.db!dfMaintainer",
        "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_1920.db!dfMaintainer",
        "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_2560.db!dfMaintainer",
        "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_sr.db!dfMaintainer",
        "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_wide.db!dfMaintainer",
        "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_exif.db!dfMaintainer",
        "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_wide_alternate.db!dfMaintainer",
        "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_custom_stream.db!dfMaintainer",
        "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!IconCacheInit",
        "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs",
        "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!045bf8",
        "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!0460e8",
        "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!0411e8",
        "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!0420b8",
        "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!0465d8",
        "Global\\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!048868"
      ],
      "created_services": [],
      "started_services": [
        "GoogleUpdaterService149.0.7814.0"
      ]
    },
    "enhanced": [
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:37,047",
        "eid": 1,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:37,078",
        "eid": 2,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:40,750",
        "eid": 3,
        "data": {
          "file": "user32",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2c7c0000"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-05-28 21:41:40,844",
        "eid": 4,
        "data": {
          "file": "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" "
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:40,844",
        "eid": 5,
        "data": {
          "file": "C:\\Windows\\System32\\sfc_os.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc19490000"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-05-28 21:41:40,859",
        "eid": 6,
        "data": {
          "file": ""
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:42,437",
        "eid": 7,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:42,437",
        "eid": 8,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:42,453",
        "eid": 9,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:42,453",
        "eid": 10,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:42,453",
        "eid": 11,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:42,453",
        "eid": 12,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:44,437",
        "eid": 13,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:44,453",
        "eid": 14,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:44,453",
        "eid": 15,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:44,453",
        "eid": 16,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:44,469",
        "eid": 17,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:44,484",
        "eid": 18,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:44,515",
        "eid": 19,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:44,531",
        "eid": 20,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:44,547",
        "eid": 21,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:44,594",
        "eid": 22,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:45,109",
        "eid": 23,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc297d0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:45,734",
        "eid": 24,
        "data": {
          "file": "comctl32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc171f0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:55,203",
        "eid": 25,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc297d0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:42:00,484",
        "eid": 26,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:42:00,500",
        "eid": 27,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:42:00,500",
        "eid": 28,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:42:00,500",
        "eid": 29,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:42:00,500",
        "eid": 30,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:42:00,500",
        "eid": 31,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:42:00,515",
        "eid": 32,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:42:00,531",
        "eid": 33,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:42:00,547",
        "eid": 34,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:42:00,562",
        "eid": 35,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:42:00,578",
        "eid": 36,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:42:00,594",
        "eid": 37,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:42:00,609",
        "eid": 38,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:42:00,625",
        "eid": 39,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:42:00,640",
        "eid": 40,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:42:00,656",
        "eid": 41,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:42:00,672",
        "eid": 42,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:42:08,062",
        "eid": 43,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:42:08,062",
        "eid": 44,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:42:08,078",
        "eid": 45,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:42:08,250",
        "eid": 46,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:42:08,265",
        "eid": 47,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:42:08,281",
        "eid": 48,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:42:08,297",
        "eid": 49,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:42:08,312",
        "eid": 50,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:42:08,328",
        "eid": 51,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:42:08,344",
        "eid": 52,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:42:08,375",
        "eid": 53,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:42:08,390",
        "eid": 54,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:42:08,406",
        "eid": 55,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:42:08,422",
        "eid": 56,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:42:08,437",
        "eid": 57,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:42:08,469",
        "eid": 58,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:42:08,500",
        "eid": 59,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:42:26,015",
        "eid": 60,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc297d0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:43:50,406",
        "eid": 61,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:43:52,781",
        "eid": 62,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:43:52,781",
        "eid": 63,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:43:52,781",
        "eid": 64,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:43:52,797",
        "eid": 65,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:43:52,797",
        "eid": 66,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:43:52,797",
        "eid": 67,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:43:52,797",
        "eid": 68,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:43:52,812",
        "eid": 69,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:43:52,812",
        "eid": 70,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:43:52,812",
        "eid": 71,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:43:52,812",
        "eid": 72,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:43:52,828",
        "eid": 73,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:43:52,844",
        "eid": 74,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:43:52,859",
        "eid": 75,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:43:52,875",
        "eid": 76,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:43:52,906",
        "eid": 77,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:43:52,937",
        "eid": 78,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:43:52,953",
        "eid": 79,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:43:52,969",
        "eid": 80,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:43:52,984",
        "eid": 81,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-05-28 21:43:53,781",
        "eid": 82,
        "data": {
          "file": "\"C:\\Windows\\system32\\taskmgr.exe\" /4"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:43:53,781",
        "eid": 83,
        "data": {
          "file": "C:\\Windows\\System32\\sfc_os.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc19490000"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-05-28 21:43:55,359",
        "eid": 84,
        "data": {
          "file": "%SystemRoot%\\system32\\taskmgr.exe"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:02,312",
        "eid": 85,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:02,359",
        "eid": 86,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:02,359",
        "eid": 87,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:02,359",
        "eid": 88,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:02,359",
        "eid": 89,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:02,375",
        "eid": 90,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:02,375",
        "eid": 91,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:02,890",
        "eid": 92,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:03,328",
        "eid": 93,
        "data": {
          "file": "C:\\Windows\\System32\\CapabilityAccessManagerClient.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc0d0a0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:06,109",
        "eid": 94,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:07,859",
        "eid": 95,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:07,859",
        "eid": 96,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:07,890",
        "eid": 97,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:07,906",
        "eid": 98,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:07,922",
        "eid": 99,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:07,937",
        "eid": 100,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:07,953",
        "eid": 101,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:07,969",
        "eid": 102,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:07,984",
        "eid": 103,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:08,000",
        "eid": 104,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:08,015",
        "eid": 105,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:08,031",
        "eid": 106,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:16,640",
        "eid": 107,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:17,078",
        "eid": 108,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:20,594",
        "eid": 109,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:21,312",
        "eid": 110,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:21,312",
        "eid": 111,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc297d0000"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-05-28 21:41:41,068",
        "eid": 112,
        "data": {
          "file": "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --type=crashpad-handler \"--user-data-dir=C:\\Users\\admin\\AppData\\Local\\Google\\Chrome\\User Data\" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler \"--database=C:\\Users\\admin\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\" \"--metrics-dir=C:\\Users\\admin\\AppData\\Local\\Google\\Chrome\\User Data\" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=148.0.7778.217 --initial-client-data=0x268,0x26c,0x270,0x24c,0x274,0x7ffc136be9c0,0x7ffc136be9cc,0x7ffc136be9d8"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-05-28 21:41:41,740",
        "eid": 113,
        "data": {
          "file": "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --metrics-shmem-handle=2124,i,8991922744502408939,12035519159370364964,524288 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708989122997041 --mojo-platform-channel-handle=2168 /prefetch:3"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-05-28 21:41:41,756",
        "eid": 114,
        "data": {
          "file": "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --type=gpu-process --no-pre-read-main-dll --gpu-preferences=SAAAAAAAAADgAAAEAAAAAAAAAAAAAGAAAQAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAQAAAAAAAAABAAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --metrics-shmem-handle=1760,i,13651363605794111286,5121436129363740046,262144 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708988185955192 --mojo-platform-channel-handle=1980 /prefetch:2"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-05-28 21:41:42,021",
        "eid": 115,
        "data": {
          "file": "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --metrics-shmem-handle=2364,i,6716272949696715985,16613973558693619772,524288 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708990060038890 --mojo-platform-channel-handle=2408 /prefetch:8"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-05-28 21:41:42,334",
        "eid": 116,
        "data": {
          "file": "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --time-ticks-at-unix-epoch=-1780003962331981 --launch-time-ticks=539972201 --metrics-shmem-handle=3300,i,6864544789388492662,1904890231814579921,2097152 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708991934122588 --mojo-platform-channel-handle=3416 /prefetch:1"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-05-28 21:41:42,350",
        "eid": 117,
        "data": {
          "file": "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --time-ticks-at-unix-epoch=-1780003962331981 --launch-time-ticks=539984704 --metrics-shmem-handle=3460,i,18353002224121741580,13093445649205443798,2097152 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708990997080739 --mojo-platform-channel-handle=3508 /prefetch:1"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-05-28 21:41:42,646",
        "eid": 118,
        "data": {
          "file": "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --extension-process --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --time-ticks-at-unix-epoch=-1780003962331981 --launch-time-ticks=540171200 --metrics-shmem-handle=3860,i,7480903360239469260,9372336423967034872,2097152 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708992871164437 --mojo-platform-channel-handle=3976 /prefetch:2"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-05-28 21:41:43,178",
        "eid": 119,
        "data": {
          "file": "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --time-ticks-at-unix-epoch=-1780003962331981 --launch-time-ticks=540812348 --metrics-shmem-handle=4244,i,11385932005541265785,1562708900009701974,2097152 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708993808206286 --mojo-platform-channel-handle=4104 /prefetch:1"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-05-28 21:42:11,725",
        "eid": 120,
        "data": {
          "file": "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --metrics-shmem-handle=5420,i,9293193041365869203,1552283600214825622,524288 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708994745248135 --mojo-platform-channel-handle=5452 /prefetch:8"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-05-28 21:42:11,771",
        "eid": 121,
        "data": {
          "file": "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --metrics-shmem-handle=5444,i,10078564000181174557,9062345241240227149,524288 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708995682289984 --mojo-platform-channel-handle=5456 /prefetch:8"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-05-28 21:42:11,834",
        "eid": 122,
        "data": {
          "file": "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --metrics-shmem-handle=5472,i,12896046378289974589,11025856552623480385,524288 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708996619331833 --mojo-platform-channel-handle=5432 /prefetch:8"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-05-28 21:43:47,068",
        "eid": 123,
        "data": {
          "file": "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.3636 --gpu-preferences=SAAAAAAAAADoAAAEAAAAAAAAAAAAAGAAAQAAAAAAAAAAAAAAAAAAAEIAAAAAAAAAAAAAAAAAAAAQAAAAAAAAABAAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --metrics-shmem-handle=940,i,12374555509904114995,13274239554060129860,262144 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708997556373682 --mojo-platform-channel-handle=5404 /prefetch:8"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-05-28 21:41:44,084",
        "eid": 124,
        "data": {
          "file": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=crashpad-handler \"--user-data-dir=C:\\Users\\admin\\AppData\\Local\\Microsoft\\Edge\\User Data\" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler \"--database=C:\\Users\\admin\\AppData\\Local\\Microsoft\\Edge\\User Data\\Crashpad\" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=148.0.7778.180 \"--annotation=exe=C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=148.0.3967.83 --initial-client-data=0x348,0x34c,0x350,0x344,0x358,0x7ffbd24e5d58,0x7ffbd24e5d64,0x7ffbd24e5d70"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-05-28 21:41:44,240",
        "eid": 125,
        "data": {
          "file": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --startup-read-main-dll --metrics-shmem-handle=2224,i,3377350390963965430,16709463295489959638,524288 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708989122997041 --mojo-platform-channel-handle=2924 /prefetch:3"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-05-28 21:41:44,287",
        "eid": 126,
        "data": {
          "file": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --startup-read-main-dll --metrics-shmem-handle=2632,i,2188067933038035117,14075627089191504876,524288 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708990060038890 --mojo-platform-channel-handle=2932 /prefetch:8"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-05-28 21:41:44,287",
        "eid": 127,
        "data": {
          "file": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=renderer --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale=en_AU --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --time-ticks-at-unix-epoch=-1780003962331980 --launch-time-ticks=541939531 --ram-no-pressure-read-main-dll --metrics-shmem-handle=3348,i,11950763115237329230,10523231392815793482,2097152 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708991934122588 --mojo-platform-channel-handle=3392 /prefetch:1"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-05-28 21:41:44,287",
        "eid": 128,
        "data": {
          "file": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=gpu-process --gpu-preferences=SAAAAAAAAADgAAAEAAAAAAAAAAAAAGAAAQAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAQAAAAAAAAABAAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --startup-read-main-dll --metrics-shmem-handle=2084,i,6134085735445746800,11295493968892064137,262144 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708988185955192 --mojo-platform-channel-handle=2360 /prefetch:2"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-05-28 21:41:44,287",
        "eid": 129,
        "data": {
          "file": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=renderer --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale=en_AU --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --time-ticks-at-unix-epoch=-1780003962331980 --launch-time-ticks=541940694 --skip-read-main-dll --metrics-shmem-handle=3356,i,5647178414097470528,8114435118095730626,2097152 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708990997080739 --mojo-platform-channel-handle=3396 /prefetch:1"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-05-28 21:41:44,631",
        "eid": 130,
        "data": {
          "file": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=renderer --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale=en_AU --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --time-ticks-at-unix-epoch=-1780003962331980 --launch-time-ticks=542200817 --skip-read-main-dll --metrics-shmem-handle=4836,i,2071220740876779182,5632563938745608015,2097152 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708992871164437 --mojo-platform-channel-handle=4820 /prefetch:1"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-05-28 21:41:45,584",
        "eid": 131,
        "data": {
          "file": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=renderer --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale=en_AU --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --time-ticks-at-unix-epoch=-1780003962331980 --launch-time-ticks=543231074 --skip-read-main-dll --metrics-shmem-handle=4484,i,14410762605053120473,13433378547220591745,2097152 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708993808206286 --mojo-platform-channel-handle=4024 /prefetch:1"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-05-28 21:41:45,584",
        "eid": 132,
        "data": {
          "file": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --skip-read-main-dll --metrics-shmem-handle=4492,i,4020092805845306063,10328045033888351831,524288 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708994745248135 --mojo-platform-channel-handle=4476 /prefetch:8"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-05-28 21:41:46,631",
        "eid": 133,
        "data": {
          "file": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\identity_helper.exe\" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=windows_package_identity --skip-read-main-dll --metrics-shmem-handle=5004,i,10041185329265187298,11074568154246322711,524288 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708995682289984 --mojo-platform-channel-handle=3944 /prefetch:8"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-05-28 21:41:50,615",
        "eid": 134,
        "data": {
          "file": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=renderer --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale=en_AU --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --time-ticks-at-unix-epoch=-1780003962331980 --launch-time-ticks=548257368 --skip-read-main-dll --metrics-shmem-handle=6196,i,5145543345457655702,10314529609131888891,2097152 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708996619331833 --mojo-platform-channel-handle=6160 /prefetch:1"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-05-28 21:42:14,162",
        "eid": 135,
        "data": {
          "file": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --skip-read-main-dll --metrics-shmem-handle=1608,i,7042525181872960905,11845032959772828956,524288 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708997556373682 --mojo-platform-channel-handle=6444 /prefetch:8"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-05-28 21:42:20,631",
        "eid": 136,
        "data": {
          "file": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=renderer --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale=en_AU --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --time-ticks-at-unix-epoch=-1780003962331980 --launch-time-ticks=578284156 --ram-no-pressure-read-main-dll --metrics-shmem-handle=4840,i,15748124770976359258,15417350930948584221,2097152 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708998493415531 --mojo-platform-channel-handle=3316 /prefetch:1"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-05-28 21:42:44,193",
        "eid": 137,
        "data": {
          "file": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --skip-read-main-dll --metrics-shmem-handle=4476,i,7622724040228643054,12288759875611487757,524288 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708999430457380 --mojo-platform-channel-handle=6236 /prefetch:8"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-05-28 21:43:20,662",
        "eid": 138,
        "data": {
          "file": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=renderer --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale=en_AU --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --time-ticks-at-unix-epoch=-1780003962331980 --launch-time-ticks=638299828 --ram-no-pressure-read-main-dll --metrics-shmem-handle=4796,i,12195753600292531721,15847398704622992708,2097152 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190709000367499229 --mojo-platform-channel-handle=1396 /prefetch:1"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-05-28 21:43:24,443",
        "eid": 139,
        "data": {
          "file": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=renderer --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale=en_AU --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --time-ticks-at-unix-epoch=-1780003962331980 --launch-time-ticks=642079966 --skip-read-main-dll --metrics-shmem-handle=5788,i,4430515866411945987,13768044107232759783,2097152 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190709001304541078 --mojo-platform-channel-handle=5580 /prefetch:1"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-05-28 21:43:30,818",
        "eid": 140,
        "data": {
          "file": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --skip-read-main-dll --metrics-shmem-handle=3820,i,17709381801662516536,8945971709259553673,524288 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190709002241582927 --mojo-platform-channel-handle=3372 /prefetch:8"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,004",
        "eid": 141,
        "data": {
          "file": "api-ms-win-core-fibers-l1-1-2",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2ad50000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,004",
        "eid": 142,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,004",
        "eid": 143,
        "data": {
          "file": "bcryptprimitives.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b0c0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,004",
        "eid": 144,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,019",
        "eid": 145,
        "data": {
          "file": "api-ms-win-core-localization-l1-2-1",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2ad50000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,019",
        "eid": 146,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,019",
        "eid": 147,
        "data": {
          "file": "kernel32",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2cff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,019",
        "eid": 148,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,019",
        "eid": 149,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,019",
        "eid": 150,
        "data": {
          "file": "api-ms-win-core-string-l1-1-0",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2ad50000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,019",
        "eid": 151,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,019",
        "eid": 152,
        "data": {
          "file": "api-ms-win-core-datetime-l1-1-1",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2ad50000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,019",
        "eid": 153,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,019",
        "eid": 154,
        "data": {
          "file": "api-ms-win-core-localization-obsolete-l1-2-0",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2ad50000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,019",
        "eid": 155,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,019",
        "eid": 156,
        "data": {
          "file": "bcryptprimitives.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b0c0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,019",
        "eid": 157,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,019",
        "eid": 158,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,019",
        "eid": 159,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\\channel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,019",
        "eid": 160,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\\channel",
          "content": "stable"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,019",
        "eid": 161,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\EdgeUpdate\\ClientState\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\\ap",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,019",
        "eid": 162,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\EdgeUpdate\\ClientState\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\\cohort\\name",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,019",
        "eid": 163,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\EdgeUpdate\\ClientState\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\\cohort\\name",
          "content": ""
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,019",
        "eid": 164,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-AU",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,019",
        "eid": 165,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-AU",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,019",
        "eid": 166,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions\\000603xx",
          "content": "kernel32.dll"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,019",
        "eid": 167,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2cff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,019",
        "eid": 168,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,019",
        "eid": 169,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\en-AU",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,019",
        "eid": 170,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\en",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,035",
        "eid": 171,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2cff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,035",
        "eid": 172,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,035",
        "eid": 173,
        "data": {
          "file": "api-ms-win-core-file-l1-2-1.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2ad50000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,035",
        "eid": 174,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,160",
        "eid": 175,
        "data": {
          "file": "api-ms-win-core-fibers-l1-1-2",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2ad50000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,160",
        "eid": 176,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,160",
        "eid": 177,
        "data": {
          "file": "bcryptprimitives.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b0c0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,160",
        "eid": 178,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,160",
        "eid": 179,
        "data": {
          "file": "api-ms-win-core-localization-l1-2-1",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2ad50000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,160",
        "eid": 180,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,160",
        "eid": 181,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,160",
        "eid": 182,
        "data": {
          "file": "kernel32",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2cff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,160",
        "eid": 183,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,160",
        "eid": 184,
        "data": {
          "file": "api-ms-win-core-string-l1-1-0",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2ad50000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,160",
        "eid": 185,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,160",
        "eid": 186,
        "data": {
          "file": "api-ms-win-core-datetime-l1-1-1",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2ad50000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,160",
        "eid": 187,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,160",
        "eid": 188,
        "data": {
          "file": "api-ms-win-core-localization-obsolete-l1-2-0",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2ad50000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,160",
        "eid": 189,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,160",
        "eid": 190,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,160",
        "eid": 191,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\OEM\\DeviceForm",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,160",
        "eid": 192,
        "data": {
          "file": "api-ms-win-downlevel-shell32-l1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b150000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,160",
        "eid": 193,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,160",
        "eid": 194,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,160",
        "eid": 195,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,160",
        "eid": 196,
        "data": {
          "file": "bcryptprimitives.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b0c0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,160",
        "eid": 197,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,160",
        "eid": 198,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,191",
        "eid": 199,
        "data": {
          "file": "api-ms-win-core-fibers-l1-1-2",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2ad50000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,191",
        "eid": 200,
        "data": {
          "file": "bcryptprimitives.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b0c0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,191",
        "eid": 201,
        "data": {
          "file": "api-ms-win-core-localization-l1-2-1",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2ad50000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,191",
        "eid": 202,
        "data": {
          "file": "kernel32",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2cff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,191",
        "eid": 203,
        "data": {
          "file": "api-ms-win-core-string-l1-1-0",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2ad50000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,191",
        "eid": 204,
        "data": {
          "file": "api-ms-win-core-datetime-l1-1-1",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2ad50000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,191",
        "eid": 205,
        "data": {
          "file": "api-ms-win-core-localization-obsolete-l1-2-0",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2ad50000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,191",
        "eid": 206,
        "data": {
          "file": "bcryptprimitives.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b0c0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,191",
        "eid": 207,
        "data": {
          "file": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\msedge.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffbbe9a0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,191",
        "eid": 208,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,191",
        "eid": 209,
        "data": {
          "file": "ucrtbase.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,191",
        "eid": 210,
        "data": {
          "file": "ADVAPI32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2ced0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,191",
        "eid": 211,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,191",
        "eid": 212,
        "data": {
          "file": "C:\\Windows\\System32\\uxtheme.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc28160000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,191",
        "eid": 213,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,191",
        "eid": 214,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize\\AppsUseLightTheme",
          "content": "1"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,191",
        "eid": 215,
        "data": {
          "file": "Kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,191",
        "eid": 216,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,191",
        "eid": 217,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,191",
        "eid": 218,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,191",
        "eid": 219,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,191",
        "eid": 220,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\OEM\\DeviceForm",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,191",
        "eid": 221,
        "data": {
          "file": "USER32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2c7c0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,191",
        "eid": 222,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,191",
        "eid": 223,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,191",
        "eid": 224,
        "data": {
          "file": "api-ms-win-core-wow64-l1-1-1.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,191",
        "eid": 225,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\UBR",
          "content": "3803"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,191",
        "eid": 226,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\DisplayVersion",
          "content": "22H2"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,191",
        "eid": 227,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,207",
        "eid": 228,
        "data": {
          "file": "Kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,207",
        "eid": 229,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,207",
        "eid": 230,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,207",
        "eid": 231,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-05-28 21:41:47,207",
        "eid": 232,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:41:47,207",
        "eid": 233,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-05-28 21:41:47,207",
        "eid": 234,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:41:47,223",
        "eid": 235,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-05-28 21:41:47,223",
        "eid": 236,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:41:47,223",
        "eid": 237,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-05-28 21:41:47,223",
        "eid": 238,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:41:47,223",
        "eid": 239,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-05-28 21:41:47,223",
        "eid": 240,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:41:47,223",
        "eid": 241,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-05-28 21:41:47,223",
        "eid": 242,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-05-28 21:41:47,223",
        "eid": 243,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-05-28 21:41:47,223",
        "eid": 244,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:41:47,223",
        "eid": 245,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-05-28 21:41:47,223",
        "eid": 246,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:41:47,223",
        "eid": 247,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,223",
        "eid": 248,
        "data": {
          "file": "api-ms-win-core-winrt-l1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b400000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,223",
        "eid": 249,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-05-28 21:41:47,223",
        "eid": 250,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,223",
        "eid": 251,
        "data": {
          "file": "C:\\Windows\\system32\\rpcss.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:41:47,223",
        "eid": 252,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-05-28 21:41:47,223",
        "eid": 253,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-05-28 21:41:47,223",
        "eid": 254,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-05-28 21:41:47,223",
        "eid": 255,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:41:47,223",
        "eid": 256,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-05-28 21:41:47,223",
        "eid": 257,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:41:47,223",
        "eid": 258,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-05-28 21:41:47,223",
        "eid": 259,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-05-28 21:41:47,223",
        "eid": 260,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:41:47,223",
        "eid": 261,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-05-28 21:41:47,223",
        "eid": 262,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-05-28 21:41:47,223",
        "eid": 263,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-05-28 21:41:47,223",
        "eid": 264,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-05-28 21:41:47,223",
        "eid": 265,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-05-28 21:41:47,223",
        "eid": 266,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-05-28 21:41:47,223",
        "eid": 267,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:41:47,269",
        "eid": 268,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-05-28 21:41:47,269",
        "eid": 269,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:41:47,269",
        "eid": 270,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:41:47,269",
        "eid": 271,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-05-28 21:41:47,269",
        "eid": 272,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-05-28 21:41:47,269",
        "eid": 273,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-05-28 21:41:47,269",
        "eid": 274,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,269",
        "eid": 275,
        "data": {
          "file": "api-ms-win-core-winrt-string-l1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b400000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,269",
        "eid": 276,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,269",
        "eid": 277,
        "data": {
          "file": "combase.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,269",
        "eid": 278,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3\\Com+Enabled",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,269",
        "eid": 279,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundExecutionManager\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,269",
        "eid": 280,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundExecutionManager\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,285",
        "eid": 281,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundExecutionManager\\DllPath",
          "content": "C:\\Windows\\System32\\execmodelclient.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,285",
        "eid": 282,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundExecutionManager\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,285",
        "eid": 283,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundExecutionManager\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,285",
        "eid": 284,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundExecutionManager\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,285",
        "eid": 285,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundExecutionManager\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,285",
        "eid": 286,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundExecutionManager\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,285",
        "eid": 287,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundExecutionManager\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,285",
        "eid": 288,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundExecutionManager\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,285",
        "eid": 289,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundExecutionManager\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,285",
        "eid": 290,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\MaxSxSHashCount",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,285",
        "eid": 291,
        "data": {
          "file": "C:\\Windows\\System32\\execmodelclient.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc19830000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,285",
        "eid": 292,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,285",
        "eid": 293,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,285",
        "eid": 294,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,285",
        "eid": 295,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\DllPath",
          "content": "C:\\Windows\\System32\\combase.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,285",
        "eid": 296,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,285",
        "eid": 297,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,285",
        "eid": 298,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,285",
        "eid": 299,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,285",
        "eid": 300,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,285",
        "eid": 301,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,285",
        "eid": 302,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,285",
        "eid": 303,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,285",
        "eid": 304,
        "data": {
          "file": "C:\\Windows\\System32\\combase.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b400000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,285",
        "eid": 305,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,285",
        "eid": 306,
        "data": {
          "file": "ole32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2c680000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,285",
        "eid": 307,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,285",
        "eid": 308,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,285",
        "eid": 309,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,285",
        "eid": 310,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager\\DllPath",
          "content": "C:\\Windows\\System32\\wpnapps.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,285",
        "eid": 311,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager\\Threading",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,285",
        "eid": 312,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,285",
        "eid": 313,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,285",
        "eid": 314,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,285",
        "eid": 315,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,285",
        "eid": 316,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,285",
        "eid": 317,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,285",
        "eid": 318,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager\\Permissions",
          "content": "\\x01\\x00\\x14\\x80$\\x01\\x00\\x000\\x01\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00\\xf4\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x13\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x14\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x0b\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x008\\x00\\x0b\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\t\\x00L\\x00\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00artx\\xf8.\\x00\\x00\\x00W\\x00I\\x00N\\x00:\\x00/\\x00/\\x00I\\x00S\\x00M\\x00U\\x00L\\x00T\\x00I\\x00S\\x00E\\x00S\\x00S\\x00I\\x00O\\x00N\\x00S\\x00K\\x00U\\x00\\xa2\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,285",
        "eid": 319,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Notifications.ToastNotificationManager\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,285",
        "eid": 320,
        "data": {
          "file": "C:\\Windows\\System32\\twinapi.appcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc25980000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,301",
        "eid": 321,
        "data": {
          "file": "C:\\Windows\\System32\\wpnapps.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc16860000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,301",
        "eid": 322,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,301",
        "eid": 323,
        "data": {
          "file": "combase.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,301",
        "eid": 324,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{E1CDD77A-65D3-4db0-B339-21F6A48CC2FF}\\ProxyStubClsid32\\(Default)",
          "content": "{00000320-0000-0000-C000-000000000046}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,301",
        "eid": 325,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000035-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)",
          "content": "{00000320-0000-0000-C000-000000000046}"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,301",
        "eid": 326,
        "data": {
          "file": "C:\\Windows\\System32\\OneCoreCommonProxyStub.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc1c0a0000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,301",
        "eid": 327,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32\\(Default)",
          "content": "{00000320-0000-0000-C000-000000000046}"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,301",
        "eid": 328,
        "data": {
          "file": "combase.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,301",
        "eid": 329,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{428D4DDD-3462-43DF-9395-1EFF13AE7A4B}\\ProxyStubClsid32\\(Default)",
          "content": "{b03c2205-f02e-4d77-80df-e1747afdd39c}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,301",
        "eid": 330,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,301",
        "eid": 331,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,301",
        "eid": 332,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\(Default)",
          "content": "ExecModelProxy"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,301",
        "eid": 333,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\InprocServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,301",
        "eid": 334,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,301",
        "eid": 335,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\InprocServer32\\(Default)",
          "content": "%systemroot%\\system32\\execmodelproxy.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,301",
        "eid": 336,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\InprocServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,301",
        "eid": 337,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,301",
        "eid": 338,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,301",
        "eid": 339,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\(Default)",
          "content": "ExecModelProxy"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,301",
        "eid": 340,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\InprocServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,301",
        "eid": 341,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,301",
        "eid": 342,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\InprocServer32\\(Default)",
          "content": "%systemroot%\\system32\\execmodelproxy.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,301",
        "eid": 343,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\InprocServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,301",
        "eid": 344,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{b03c2205-f02e-4d77-80df-e1747afdd39c}\\AppID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 345,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{50ac103f-d235-4598-bbef-98fe4d1a3ad4}\\ProxyStubClsid32\\(Default)",
          "content": "{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 346,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 347,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 348,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\(Default)",
          "content": "Windows Push Notification Developer Proxy Stub"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 349,
        "data": {
          "file": "C:\\Windows\\System32\\execmodelproxy.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc178b0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 350,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 351,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\System32\\wpnapps.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 352,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 353,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 354,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 355,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\(Default)",
          "content": "Windows Push Notification Developer Proxy Stub"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 356,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 357,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 358,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\System32\\wpnapps.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 359,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\System32\\wpnapps.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 360,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 361,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\\AppID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 362,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{3bc3d253-2f31-4092-9129-8ad5abf067da}\\ProxyStubClsid32\\(Default)",
          "content": "{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 363,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\PolicyType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 364,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\RegKeyPathRedirect",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 365,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\grouppolicyname",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 366,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\grouppolicypath",
          "content": "Software\\Policies\\Microsoft\\Windows\\AppPrivacy"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 367,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\grouppolicyismultisz",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 368,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\grouppolicymultiszSeparatorChar",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 369,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\ADMXMetadataUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 370,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\ADMXMetadataBoth",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 371,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\30Value",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 372,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\Value",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 373,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\PolicyType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 374,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\Behavior",
          "content": "139296"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 375,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\MergeAlgorithm",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 376,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\RegKeyPathRedirectMapped",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 377,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\RegKeyPathRedirect",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 378,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\grouppolicyname",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 379,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\grouppolicyname",
          "content": "LetAppsRunInBackground_ForceAllowTheseApps"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 380,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\grouppolicypath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 381,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\grouppolicypath",
          "content": "Software\\Policies\\Microsoft\\Windows\\AppPrivacy"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 382,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\grouppolicyismultisz",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 383,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\grouppolicymultiszSeparatorChar",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 384,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\ADMXMetadataUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 385,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\ADMXMetadataDevice",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 386,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\ADMXMetadataBoth",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 387,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\30Value",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 388,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\Value",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 389,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\PolicyType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 390,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\Behavior",
          "content": "139296"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 391,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\MergeAlgorithm",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 392,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\RegKeyPathRedirectMapped",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 393,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\RegKeyPathRedirect",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 394,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\grouppolicyname",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 395,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\grouppolicymultiszSeparatorChar",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 396,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\ADMXMetadataUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 397,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\ADMXMetadataDevice",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 398,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\ADMXMetadataBoth",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 399,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 400,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\PolicyType",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 401,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\Behavior",
          "content": "139296"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 402,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\MergeAlgorithm",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 403,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\RegKeyPathRedirectMapped",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 404,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\RegKeyPathRedirect",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 405,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\grouppolicyname",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 406,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\grouppolicyname",
          "content": "LetAppsRunInBackground"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 407,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\grouppolicypath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 408,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\grouppolicypath",
          "content": "Software\\Policies\\Microsoft\\Windows\\AppPrivacy"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 409,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{DF8E9480-CA73-448E-B8F0-DA000F581428}\\ProxyStubClsid32\\(Default)",
          "content": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 410,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\grouppolicymultiszSeparatorChar",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 411,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\ADMXMetadataUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 412,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\ADMXMetadataDevice",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 413,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\ADMXMetadataBoth",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 414,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\30Value",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 415,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,316",
        "eid": 416,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 417,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 418,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.User\\Server",
          "content": "StateRepository"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 419,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.User\\DllPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 420,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.User\\Threading",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 421,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 422,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 423,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.User\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 424,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.User\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 425,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 426,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.User\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 427,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.User\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 428,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.User\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 429,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 430,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\CommandLine",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 431,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\IdentityType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 432,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 433,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Permissions",
          "content": "\\x01\\x00\\x14\\x80\\x9c\\x00\\x00\\x00\\xa8\\x00\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00l\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x1f\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x1f\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x008\\x00\\x1f\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00!\\x02\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 434,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ActivatableClasses",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 435,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\AppId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 436,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 437,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Identity",
          "content": "nt authority\\system"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 438,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 439,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServiceName",
          "content": "StateRepository"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 440,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExplicitPsmActivationType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 441,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 442,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 443,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 444,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 445,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\AppID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 446,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{84103ccb-2fd7-4d6c-962e-5d8582b4c720}\\ProxyStubClsid32\\(Default)",
          "content": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 447,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 448,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 449,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 450,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 451,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 452,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\\\Windows.StateRepositoryPS.dll"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 453,
        "data": {
          "file": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc24d40000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 454,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 455,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 456,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 457,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 458,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 459,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 460,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\\\Windows.StateRepositoryPS.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 461,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 462,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\AppID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 463,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{DCAEE35A-508D-4419-9E56-50D658C2C812}\\ProxyStubClsid32\\(Default)",
          "content": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 464,
        "data": {
          "file": "C:\\Windows\\System32\\Windows.StateRepositoryPS.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc1beb0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 465,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 466,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{5232f8ea-49c7-4840-bfbb-66e785689e88}\\ProxyStubClsid32\\(Default)",
          "content": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 467,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivationType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 468,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\Server",
          "content": "StateRepository"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 469,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\DllPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 470,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\Threading",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 471,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 472,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 473,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 474,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 475,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 476,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 477,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{0450ce77-af0d-40ac-93fd-1e5d48c89419}\\ProxyStubClsid32\\(Default)",
          "content": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,332",
        "eid": 478,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{195f5943-0c04-4eab-b907-735817fdac77}\\ProxyStubClsid32\\(Default)",
          "content": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 479,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{D6F5F569-D40D-407C-8989-88CAB42CFD14}\\ProxyStubClsid32\\(Default)",
          "content": "{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 480,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{79ab57f6-43fe-487b-8a7f-99567200ae94}\\ProxyStubClsid32\\(Default)",
          "content": "{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 481,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{679C64B7-81AB-42C2-8819-C958767753F4}\\ProxyStubClsid32\\(Default)",
          "content": "{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 482,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SecurityManager\\CapAuthz\\HasRepaired"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 483,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SecurityManager\\CapAuthz\\HasRepaired\\VolatileChildTest"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 484,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\CapAuthz\\ApplicationsEx\\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\\AppPackageType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 485,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\CapAuthz\\ApplicationsEx\\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\\AppPackageType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 486,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\CapAuthz\\ApplicationsEx\\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\\PackageSid",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 487,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\CapAuthz\\ApplicationsEx\\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\\PackageSid",
          "content": "S-1-15-2-543634040-274359014-2226501544-3561766748-3991453649-3543631192-522786984"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 488,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\CapAuthz\\ApplicationsEx\\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\\CapSids",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 489,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\CapAuthz\\ApplicationsEx\\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\\CapSids",
          "content": "\\x03\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x93MhQ\\x18=\\xc3\\xa6(\\x927f\\xc7\\xb1\\xfd\\x1eb\\x11\\xb0\\x8dT\\xad@A8\\xb7l\\xebv\\xc0V\\xd6\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xdc\\xdc\\xc7+\\x1b\\x84\\xfb\\x17\\x8c\\xfd\\xd5\\x99\\x9fj\\xa1T\\xc3\t\\x1a\\xfbT\\xa8\\x98\\xa2\\x98\\xef\\x9b\r\\xe1=\\xaa!\\x01\\x08\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00x2g \\xe6bZ\\x10\\xa8\\xb7\\xb5\\x84\\?L\\xd4\\xd1\\xbf\\xe8\\xedX\\x857\\xd3\\xa8\\x18)\\x1f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 490,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\CapAuthz\\ApplicationsEx\\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\\ApplicationFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 491,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\CapAuthz\\ApplicationsEx\\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\\ApplicationFlags",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 492,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\PolicyType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 493,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\Behavior",
          "content": "139296"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 494,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\MergeAlgorithm",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 495,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\RegKeyPathRedirectMapped",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 496,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\RegKeyPathRedirect",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 497,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\grouppolicyname",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 498,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\grouppolicyname",
          "content": "LetAppsRunInBackground_UserInControlOfTheseApps"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 499,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\grouppolicypath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 500,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\grouppolicypath",
          "content": "Software\\Policies\\Microsoft\\Windows\\AppPrivacy"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 501,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\grouppolicyismultisz",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 502,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\grouppolicymultiszSeparatorChar",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 503,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\ADMXMetadataUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 504,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\ADMXMetadataDevice",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 505,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\ADMXMetadataBoth",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 506,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\30Value",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 507,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_UserInControlOfTheseApps\\Value",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 508,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\PolicyType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 509,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\Behavior",
          "content": "139296"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 510,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\MergeAlgorithm",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 511,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\RegKeyPathRedirectMapped",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 512,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\RegKeyPathRedirect",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 513,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\grouppolicyname",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 514,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\grouppolicyname",
          "content": "LetAppsRunInBackground_ForceAllowTheseApps"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 515,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\grouppolicypath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 516,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\grouppolicypath",
          "content": "Software\\Policies\\Microsoft\\Windows\\AppPrivacy"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 517,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\grouppolicyismultisz",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 518,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\grouppolicymultiszSeparatorChar",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 519,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\ADMXMetadataUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 520,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\ADMXMetadataDevice",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 521,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\ADMXMetadataBoth",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 522,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\30Value",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 523,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceAllowTheseApps\\Value",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 524,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\PolicyType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 525,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\Behavior",
          "content": "139296"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 526,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\MergeAlgorithm",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 527,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\RegKeyPathRedirectMapped",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 528,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\RegKeyPathRedirect",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 529,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\grouppolicyname",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 530,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\grouppolicyname",
          "content": "LetAppsRunInBackground_ForceDenyTheseApps"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 531,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\grouppolicypath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 532,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\grouppolicypath",
          "content": "Software\\Policies\\Microsoft\\Windows\\AppPrivacy"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 533,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\grouppolicyismultisz",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 534,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\grouppolicymultiszSeparatorChar",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 535,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\ADMXMetadataUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 536,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\ADMXMetadataDevice",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 537,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\ADMXMetadataBoth",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 538,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\30Value",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 539,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground_ForceDenyTheseApps\\Value",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 540,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\PolicyType",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 541,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\Behavior",
          "content": "139296"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 542,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\MergeAlgorithm",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 543,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\RegKeyPathRedirectMapped",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 544,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\RegKeyPathRedirect",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 545,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\grouppolicyname",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 546,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\grouppolicyname",
          "content": "LetAppsRunInBackground"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 547,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\grouppolicypath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 548,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\grouppolicypath",
          "content": "Software\\Policies\\Microsoft\\Windows\\AppPrivacy"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 549,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\grouppolicyismultisz",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 550,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\grouppolicymultiszSeparatorChar",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 551,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\ADMXMetadataUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 552,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\ADMXMetadataDevice",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 553,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\ADMXMetadataBoth",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 554,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\30Value",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 555,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\Privacy\\LetAppsRunInBackground\\Value",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 556,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\CapAuthz\\ApplicationsEx\\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\\AppPackageType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 557,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\CapAuthz\\ApplicationsEx\\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\\AppPackageType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 558,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\CapAuthz\\ApplicationsEx\\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\\PackageSid",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 559,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\CapAuthz\\ApplicationsEx\\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\\PackageSid",
          "content": "S-1-15-2-543634040-274359014-2226501544-3561766748-3991453649-3543631192-522786984"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 560,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\CapAuthz\\ApplicationsEx\\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\\CapSids",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 561,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\CapAuthz\\ApplicationsEx\\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\\CapSids",
          "content": "\\x03\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x93MhQ\\x18=\\xc3\\xa6(\\x927f\\xc7\\xb1\\xfd\\x1eb\\x11\\xb0\\x8dT\\xad@A8\\xb7l\\xebv\\xc0V\\xd6\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xdc\\xdc\\xc7+\\x1b\\x84\\xfb\\x17\\x8c\\xfd\\xd5\\x99\\x9fj\\xa1T\\xc3\t\\x1a\\xfbT\\xa8\\x98\\xa2\\x98\\xef\\x9b\r\\xe1=\\xaa!\\x01\\x08\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00x2g \\xe6bZ\\x10\\xa8\\xb7\\xb5\\x84\\?L\\xd4\\xd1\\xbf\\xe8\\xedX\\x857\\xd3\\xa8\\x18)\\x1f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 562,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\CapAuthz\\ApplicationsEx\\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\\ApplicationFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 563,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\CapAuthz\\ApplicationsEx\\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\\ApplicationFlags",
          "content": "0"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 564,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2d0f0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 565,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 566,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 567,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot",
          "content": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 568,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 569,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot",
          "content": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,363",
        "eid": 570,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{F655B052-348B-4AB0-947B-A7DAFA44D404}\\ProxyStubClsid32\\(Default)",
          "content": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,379",
        "eid": 571,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{58058629-16A1-438A-90C8-7E954B3734B1}\\ProxyStubClsid32\\(Default)",
          "content": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,379",
        "eid": 572,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{23EB7394-4610-4807-BAEC-9A72F86FFA0B}\\ProxyStubClsid32\\(Default)",
          "content": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,394",
        "eid": 573,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{2A1821FE-179D-49BC-B79D-A527920D3665}\\ProxyStubClsid32\\(Default)",
          "content": "{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-05-28 21:41:47,394",
        "eid": 574,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,394",
        "eid": 575,
        "data": {
          "file": "api-ms-win-downlevel-shell32-l1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b150000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,394",
        "eid": 576,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,394",
        "eid": 577,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.LimitedAccessFeatures\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,394",
        "eid": 578,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.LimitedAccessFeatures\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,394",
        "eid": 579,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.LimitedAccessFeatures\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.ApplicationModel.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,394",
        "eid": 580,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.LimitedAccessFeatures\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,394",
        "eid": 581,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.LimitedAccessFeatures\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,394",
        "eid": 582,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.LimitedAccessFeatures\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,394",
        "eid": 583,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.LimitedAccessFeatures\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,394",
        "eid": 584,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.LimitedAccessFeatures\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,394",
        "eid": 585,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.LimitedAccessFeatures\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,394",
        "eid": 586,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.LimitedAccessFeatures\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,394",
        "eid": 587,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.LimitedAccessFeatures\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,394",
        "eid": 588,
        "data": {
          "file": "C:\\Windows\\System32\\Windows.ApplicationModel.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc19ae0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,394",
        "eid": 589,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,394",
        "eid": 590,
        "data": {
          "file": "C:\\Windows\\System32\\bcryptprimitives.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b0c0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,394",
        "eid": 591,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,394",
        "eid": 592,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 593,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\LimitedAccessFeatures\\com.microsoft.windows.taskbar.requestPinSecondaryTile\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 594,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\LimitedAccessFeatures\\com.microsoft.windows.taskbar.requestPinSecondaryTile\\(Default)",
          "content": "04c19204-10d9-450a-95c4-2910c8f72be3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 595,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{C5543B33-5C73-4DC5-9211-24077D3B06C5}\\ProxyStubClsid32\\(Default)",
          "content": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 596,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.CryptographicBuffer\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 597,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.CryptographicBuffer\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 598,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.CryptographicBuffer\\DllPath",
          "content": "C:\\Windows\\System32\\CryptoWinRT.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 599,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.CryptographicBuffer\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 600,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.CryptographicBuffer\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 601,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.CryptographicBuffer\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 602,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.CryptographicBuffer\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 603,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.CryptographicBuffer\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 604,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.CryptographicBuffer\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 605,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.CryptographicBuffer\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 606,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.CryptographicBuffer\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 607,
        "data": {
          "file": "C:\\Windows\\System32\\CryptoWinRT.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc0c8d0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 608,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 609,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmNames\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 610,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmNames\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 611,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmNames\\DllPath",
          "content": "C:\\Windows\\System32\\CryptoWinRT.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 612,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmNames\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 613,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmNames\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 614,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmNames\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 615,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmNames\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 616,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmNames\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 617,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmNames\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 618,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmNames\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 619,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmNames\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 620,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmProvider\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 621,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmProvider\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 622,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmProvider\\DllPath",
          "content": "C:\\Windows\\System32\\CryptoWinRT.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 623,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmProvider\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 624,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmProvider\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 625,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmProvider\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 626,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmProvider\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 627,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmProvider\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 628,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmProvider\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 629,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmProvider\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 630,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.Cryptography.Core.HashAlgorithmProvider\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 631,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\LimitedAccessFeatures\\com.microsoft.windows.taskbar.requestPinSecondaryTile\\Expiration",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 632,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 633,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 634,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\DllPath",
          "content": "C:\\Windows\\System32\\twinapi.appcore.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 635,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 636,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 637,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 638,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 639,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 640,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 641,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 642,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:47,410",
        "eid": 643,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 644,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 645,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 646,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\DllPath",
          "content": "C:\\Windows\\System32\\WinTypes.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 647,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 648,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 649,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 650,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 651,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 652,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 653,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 654,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 655,
        "data": {
          "file": "C:\\Windows\\System32\\WinTypes.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc26fe0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 656,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 657,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\XAML\\OneCoreTransformsEnabledByDefault",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 658,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 659,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 660,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 661,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\DllPath",
          "content": "C:\\Windows\\System32\\WinTypes.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 662,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 663,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 664,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 665,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 666,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 667,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 668,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 669,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 670,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.SecondaryTile\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 671,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.SecondaryTile\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 672,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.SecondaryTile\\DllPath",
          "content": "C:\\Windows\\System32\\wpnapps.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 673,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.SecondaryTile\\Threading",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 674,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.SecondaryTile\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 675,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.SecondaryTile\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 676,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.SecondaryTile\\ActivateAsUser",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 677,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.SecondaryTile\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 678,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.SecondaryTile\\ActivateInBrokerForMediumILContainer",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 679,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.SecondaryTile\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 680,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.SecondaryTile\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 681,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 682,
        "data": {
          "file": "api-ms-win-downlevel-shell32-l1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b150000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 683,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 684,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.SecondaryTileStore\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 685,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.SecondaryTileStore\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 686,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.SecondaryTileStore\\DllPath",
          "content": "C:\\Windows\\System32\\TileDataRepository.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 687,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.SecondaryTileStore\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 688,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.SecondaryTileStore\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 689,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.SecondaryTileStore\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 690,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.SecondaryTileStore\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 691,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.SecondaryTileStore\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 692,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.SecondaryTileStore\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 693,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.SecondaryTileStore\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 694,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.SecondaryTileStore\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 695,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 696,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 697,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\DllPath",
          "content": "C:\\Windows\\System32\\biwinrt.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 698,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 699,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 700,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundTaskRegistration\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-05-28 21:41:49,473",
        "eid": 701,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 702,
        "data": {
          "file": "C:\\Windows\\System32\\TileDataRepository.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc17000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 703,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 704,
        "data": {
          "file": "C:\\Windows\\System32\\biwinrt.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc10950000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 705,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 706,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 707,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 708,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\ActivationType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 709,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\Server",
          "content": "UserManager"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 710,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\ActivationType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 711,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\DllPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 712,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\Threading",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 713,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 714,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 715,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 716,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 717,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 718,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 719,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 720,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 721,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 722,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\UserManager\\ExePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 723,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\UserManager\\CommandLine",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 724,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 725,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\UserManager\\IdentityType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 726,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 727,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\UserManager\\Permissions",
          "content": "\\x01\\x00\\x14\\x80d\\x00\\x00\\x00p\\x00\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x004\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x1f\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x1f\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00!\\x02\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 728,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Background.BackgroundWorkManager\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 729,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\UserManager\\ServerType",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 730,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\UserManager\\AppId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 731,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\UserManager\\Identity",
          "content": "nt authority\\system"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 732,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\UserManager\\ServiceName",
          "content": "UserManager"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 733,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\UserManager\\ExplicitPsmActivationType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 734,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\Server",
          "content": "UserManager"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 735,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\DllPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 736,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 737,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 738,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{350E1244-4575-45EE-8595-0AA8C6506FC7}\\ProxyStubClsid32\\(Default)",
          "content": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 739,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 740,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.Internal.UserManager\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 741,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{01CF8BD4-E3D6-413D-8339-36D46E78D12C}\\ProxyStubClsid32\\(Default)",
          "content": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 742,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{252E7F79-ACFA-4EA2-9A7E-FA27A8A4D3D9}\\ProxyStubClsid32\\(Default)",
          "content": "{1BAC8681-2965-4FFC-92D1-170CA4099E01}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 743,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{252E7F79-ACFA-4EA2-9A7E-FA27A8A4D3D9}\\ProxyStubClsid32\\(Default)",
          "content": "{1BAC8681-2965-4FFC-92D1-170CA4099E01}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 744,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 745,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 746,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\(Default)",
          "content": "Windows.System.User.ProxyStubFactory"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 747,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 748,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 749,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 750,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 751,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 752,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 753,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 754,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 755,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 756,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 757,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\usermgrproxy.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 758,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\(Default)",
          "content": "Windows.System.User.ProxyStubFactory"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 759,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 760,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 761,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 762,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\usermgrproxy.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 763,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\AppID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,488",
        "eid": 764,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:49,504",
        "eid": 765,
        "data": {
          "file": "C:\\Windows\\System32\\usermgrproxy.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc23800000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:49,504",
        "eid": 766,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,504",
        "eid": 767,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{100EB64B-B24C-4C38-8964-720D926D05A4}\\ProxyStubClsid32\\(Default)",
          "content": "{1BAC8681-2965-4FFC-92D1-170CA4099E01}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,504",
        "eid": 768,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{100EB64B-B24C-4C38-8964-720D926D05A4}\\ProxyStubClsid32\\(Default)",
          "content": "{1BAC8681-2965-4FFC-92D1-170CA4099E01}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,504",
        "eid": 769,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{DF9A26C6-E746-4BCD-B5D4-120103C4209B}\\ProxyStubClsid32\\(Default)",
          "content": "{1BAC8681-2965-4FFC-92D1-170CA4099E01}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,504",
        "eid": 770,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView\\Server",
          "content": "StateRepository"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,504",
        "eid": 771,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView\\DllPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,504",
        "eid": 772,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView\\Threading",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,504",
        "eid": 773,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,504",
        "eid": 774,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,504",
        "eid": 775,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,504",
        "eid": 776,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,504",
        "eid": 777,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,504",
        "eid": 778,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,504",
        "eid": 779,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,504",
        "eid": 780,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,504",
        "eid": 781,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,504",
        "eid": 782,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,504",
        "eid": 783,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.SecondaryTileView\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,504",
        "eid": 784,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,504",
        "eid": 785,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,504",
        "eid": 786,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\DllPath",
          "content": "C:\\Windows\\System32\\WinTypes.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,504",
        "eid": 787,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,504",
        "eid": 788,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,504",
        "eid": 789,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,504",
        "eid": 790,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,504",
        "eid": 791,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,504",
        "eid": 792,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,504",
        "eid": 793,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.ValueSet\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,504",
        "eid": 794,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{b3f72108-5c5c-469b-a5e5-3f64d2a39b01}\\ProxyStubClsid32\\(Default)",
          "content": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,504",
        "eid": 795,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,504",
        "eid": 796,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,504",
        "eid": 797,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\DllPath",
          "content": "C:\\Windows\\System32\\WinTypes.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,504",
        "eid": 798,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Application\\ActivationType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,504",
        "eid": 799,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,504",
        "eid": 800,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Application\\Server",
          "content": "StateRepository"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,504",
        "eid": 801,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Application\\DllPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,504",
        "eid": 802,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,504",
        "eid": 803,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,504",
        "eid": 804,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Application\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,504",
        "eid": 805,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,504",
        "eid": 806,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Application\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,504",
        "eid": 807,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Application\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,504",
        "eid": 808,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{d81e96f1-a89c-417e-9335-59531026309d}\\ProxyStubClsid32\\(Default)",
          "content": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,504",
        "eid": 809,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{3bed20a5-6dee-4297-b976-3b30df69a7aa}\\ProxyStubClsid32\\(Default)",
          "content": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,504",
        "eid": 810,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{3bed20a5-6dee-4297-b976-3b30df69a7aa}\\ProxyStubClsid32\\(Default)",
          "content": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,519",
        "eid": 811,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataReader\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,519",
        "eid": 812,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataReader\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,519",
        "eid": 813,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataReader\\DllPath",
          "content": "C:\\Windows\\System32\\WinTypes.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,519",
        "eid": 814,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataReader\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,519",
        "eid": 815,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataReader\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,519",
        "eid": 816,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataReader\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,519",
        "eid": 817,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataReader\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,519",
        "eid": 818,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataReader\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,519",
        "eid": 819,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataReader\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,519",
        "eid": 820,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataReader\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,519",
        "eid": 821,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataReader\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,519",
        "eid": 822,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{7f290da0-75e3-5885-898d-1f5b1ed47ed2}\\ProxyStubClsid32\\(Default)",
          "content": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,519",
        "eid": 823,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{7f290da0-75e3-5885-898d-1f5b1ed47ed2}\\ProxyStubClsid32\\(Default)",
          "content": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,519",
        "eid": 824,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{9ed07b24-36fd-543b-948e-b01fe5814b49}\\ProxyStubClsid32\\(Default)",
          "content": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,519",
        "eid": 825,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{9ed07b24-36fd-543b-948e-b01fe5814b49}\\ProxyStubClsid32\\(Default)",
          "content": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,519",
        "eid": 826,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{efe869fc-5841-55f1-aa56-82c7219aaa09}\\ProxyStubClsid32\\(Default)",
          "content": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,519",
        "eid": 827,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{efe869fc-5841-55f1-aa56-82c7219aaa09}\\ProxyStubClsid32\\(Default)",
          "content": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,535",
        "eid": 828,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{2C08602F-40B1-5E97-AE21-5C04D7FB829C}\\ProxyStubClsid32\\(Default)",
          "content": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,535",
        "eid": 829,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{62AE0FDA-B238-554F-A275-1DC16D6CA03A}\\ProxyStubClsid32\\(Default)",
          "content": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,535",
        "eid": 830,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{8445D2AE-DD03-5B98-95E4-82B43A3F0D64}\\ProxyStubClsid32\\(Default)",
          "content": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,535",
        "eid": 831,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{9BCB843B-221B-5FBE-9B20-7028BC4E8653}\\ProxyStubClsid32\\(Default)",
          "content": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-05-28 21:41:49,535",
        "eid": 832,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:41:49,535",
        "eid": 833,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,535",
        "eid": 834,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Shell.TaskbarManager\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,535",
        "eid": 835,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Shell.TaskbarManager\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,535",
        "eid": 836,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Shell.TaskbarManager\\DllPath",
          "content": "C:\\Windows\\System32\\wpnapps.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,535",
        "eid": 837,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Shell.TaskbarManager\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,535",
        "eid": 838,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Shell.TaskbarManager\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,535",
        "eid": 839,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Shell.TaskbarManager\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,535",
        "eid": 840,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Shell.TaskbarManager\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,535",
        "eid": 841,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Shell.TaskbarManager\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,535",
        "eid": 842,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Shell.TaskbarManager\\ActivateInBrokerForMediumILContainer",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,535",
        "eid": 843,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Shell.TaskbarManager\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,535",
        "eid": 844,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.Shell.TaskbarManager\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,535",
        "eid": 845,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,535",
        "eid": 846,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,535",
        "eid": 847,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\\DllPath",
          "content": "C:\\Windows\\System32\\windows.internal.shell.broker.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,535",
        "eid": 848,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,535",
        "eid": 849,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\\TrustLevel",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,535",
        "eid": 850,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,535",
        "eid": 851,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,535",
        "eid": 852,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,535",
        "eid": 853,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,535",
        "eid": 854,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,535",
        "eid": 855,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:49,551",
        "eid": 856,
        "data": {
          "file": "gdi32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2cb50000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:49,551",
        "eid": 857,
        "data": {
          "file": "C:\\Windows\\System32\\windows.internal.shell.broker.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc10840000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:49,551",
        "eid": 858,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:49,551",
        "eid": 859,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,551",
        "eid": 860,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{7E470A8A-3ACD-5913-AF64-4AB78355BE5F}\\ProxyStubClsid32\\(Default)",
          "content": "{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,551",
        "eid": 861,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,566",
        "eid": 862,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,566",
        "eid": 863,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,566",
        "eid": 864,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,566",
        "eid": 865,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,566",
        "eid": 866,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\PCShellCommonProxyStub.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,566",
        "eid": 867,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,566",
        "eid": 868,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,566",
        "eid": 869,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,566",
        "eid": 870,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,566",
        "eid": 871,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,566",
        "eid": 872,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,566",
        "eid": 873,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\PCShellCommonProxyStub.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,566",
        "eid": 874,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,566",
        "eid": 875,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\\AppID",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:49,566",
        "eid": 876,
        "data": {
          "file": "C:\\Windows\\System32\\PCShellCommonProxyStub.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc11c60000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:49,566",
        "eid": 877,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:49,566",
        "eid": 878,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,566",
        "eid": 879,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.StartScreenManager\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,566",
        "eid": 880,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.StartScreenManager\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,566",
        "eid": 881,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.StartScreenManager\\DllPath",
          "content": "C:\\Windows\\System32\\wpnapps.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,566",
        "eid": 882,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.StartScreenManager\\Threading",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,566",
        "eid": 883,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.StartScreenManager\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,566",
        "eid": 884,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.StartScreenManager\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,566",
        "eid": 885,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.StartScreenManager\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,566",
        "eid": 886,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.StartScreenManager\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,566",
        "eid": 887,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.StartScreenManager\\ActivateInBrokerForMediumILContainer",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,566",
        "eid": 888,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.StartScreenManager\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,566",
        "eid": 889,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.UI.StartScreen.StartScreenManager\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,566",
        "eid": 890,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User\\ActivationType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,566",
        "eid": 891,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User\\Server",
          "content": "UserManager"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,566",
        "eid": 892,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User\\DllPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,566",
        "eid": 893,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User\\Threading",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,566",
        "eid": 894,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,566",
        "eid": 895,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,566",
        "eid": 896,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,566",
        "eid": 897,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,566",
        "eid": 898,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,566",
        "eid": 899,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,566",
        "eid": 900,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User\\Permissions",
          "content": "\\x01\\x00\\x14\\x80\\x9c\\x00\\x00\\x00\\xa8\\x00\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00l\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x1f\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x008\\x00\\x1f\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x00\\x00\\x14\\x00\\x1f\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00!\\x02\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,566",
        "eid": 901,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.System.User\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,566",
        "eid": 902,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{155EB23B-242A-45E0-A2E9-3171FC6A7FDD}\\ProxyStubClsid32\\(Default)",
          "content": "{1BAC8681-2965-4FFC-92D1-170CA4099E01}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,566",
        "eid": 903,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{e44ea1df-bb85-5a8c-bddc-c8e960c355c9}\\ProxyStubClsid32\\(Default)",
          "content": "{1BAC8681-2965-4FFC-92D1-170CA4099E01}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,566",
        "eid": 904,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{8cbd762a-1222-5ee5-b745-489e7a42c6ec}\\ProxyStubClsid32\\(Default)",
          "content": "{1BAC8681-2965-4FFC-92D1-170CA4099E01}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,582",
        "eid": 905,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.TileStore\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,582",
        "eid": 906,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.TileStore\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,582",
        "eid": 907,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.TileStore\\DllPath",
          "content": "C:\\Windows\\System32\\TileDataRepository.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,582",
        "eid": 908,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.TileStore\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,582",
        "eid": 909,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.TileStore\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,582",
        "eid": 910,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.TileStore\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,582",
        "eid": 911,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.TileStore\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,582",
        "eid": 912,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.TileStore\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,582",
        "eid": 913,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.TileStore\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,582",
        "eid": 914,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.TileStore\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,582",
        "eid": 915,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.Tiles.TileStore\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,582",
        "eid": 916,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.TileView\\ActivationType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,582",
        "eid": 917,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.TileView\\Server",
          "content": "StateRepository"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,582",
        "eid": 918,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.TileView\\DllPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,582",
        "eid": 919,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.TileView\\Threading",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,582",
        "eid": 920,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.TileView\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,582",
        "eid": 921,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.TileView\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,582",
        "eid": 922,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.TileView\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,582",
        "eid": 923,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.TileView\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,582",
        "eid": 924,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.TileView\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,582",
        "eid": 925,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.TileView\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,582",
        "eid": 926,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.TileView\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,582",
        "eid": 927,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{6d3bc882-23a4-4706-b8fa-fc7de2fc325d}\\ProxyStubClsid32\\(Default)",
          "content": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,582",
        "eid": 928,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\PinnableSurfaces\\DefaultStart",
          "content": "Windows.Internal.ApplicationModel.StartPinnableSurface"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,582",
        "eid": 929,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.StartPinnableSurface\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,582",
        "eid": 930,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.StartPinnableSurface\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,582",
        "eid": 931,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.StartPinnableSurface\\DllPath",
          "content": "C:\\Windows\\System32\\StartTileData.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,582",
        "eid": 932,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.StartPinnableSurface\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,582",
        "eid": 933,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.StartPinnableSurface\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,582",
        "eid": 934,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.StartPinnableSurface\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,582",
        "eid": 935,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.StartPinnableSurface\\ActivateAsUser",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,582",
        "eid": 936,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.StartPinnableSurface\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,582",
        "eid": 937,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.StartPinnableSurface\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,582",
        "eid": 938,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.StartPinnableSurface\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,582",
        "eid": 939,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.ApplicationModel.StartPinnableSurface\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:49,598",
        "eid": 940,
        "data": {
          "file": "C:\\Windows\\System32\\StartTileData.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc16a70000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:49,598",
        "eid": 941,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,598",
        "eid": 942,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\AdminCapabilities\\shellExperience",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:49,598",
        "eid": 943,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-05-28 21:41:49,598",
        "eid": 944,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,598",
        "eid": 945,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModel\\PinnableSurfaces\\DefaultStart",
          "content": "Windows.Internal.ApplicationModel.StartPinnableSurface"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,613",
        "eid": 946,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\AdminCapabilities\\shellExperience",
          "content": null
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-05-28 21:41:49,613",
        "eid": 947,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-05-28 21:41:49,613",
        "eid": 948,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-05-28 21:41:49,613",
        "eid": 949,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:41:49,613",
        "eid": 950,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-05-28 21:41:49,613",
        "eid": 951,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:41:49,613",
        "eid": 952,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:41:49,613",
        "eid": 953,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,613",
        "eid": 954,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,613",
        "eid": 955,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,613",
        "eid": 956,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.Storage.ApplicationData.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,613",
        "eid": 957,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\Threading",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,613",
        "eid": 958,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,613",
        "eid": 959,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,613",
        "eid": 960,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,613",
        "eid": 961,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,613",
        "eid": 962,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,613",
        "eid": 963,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,613",
        "eid": 964,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.ApplicationData\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:49,613",
        "eid": 965,
        "data": {
          "file": "C:\\Windows\\System32\\Windows.Storage.ApplicationData.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc10bf0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:49,613",
        "eid": 966,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,613",
        "eid": 967,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\SystemAppData\\Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe\\PSR\\WnfStateName",
          "content": "\\xe5\\xd0\\xbd\\xa3mN\\xc6A"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,613",
        "eid": 968,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,613",
        "eid": 969,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
          "content": "%USERPROFILE%\\AppData\\Local"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,613",
        "eid": 970,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3968686040-3210279463-847977608-1001\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,613",
        "eid": 971,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3968686040-3210279463-847977608-1001\\ProfileImagePath",
          "content": "C:\\Users\\admin"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,629",
        "eid": 972,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesMyComputer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,629",
        "eid": 973,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesRecycleBin",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:49,629",
        "eid": 974,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,629",
        "eid": 975,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoControlPanel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,629",
        "eid": 976,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSetFolders",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,629",
        "eid": 977,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,629",
        "eid": 978,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,629",
        "eid": 979,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,629",
        "eid": 980,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoCommonGroups",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,629",
        "eid": 981,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,629",
        "eid": 982,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\CallForAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,629",
        "eid": 983,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\RestrictedAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,629",
        "eid": 984,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\FolderValueFlags",
          "content": "1581568"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,629",
        "eid": 985,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,629",
        "eid": 986,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\ValidateRegItems",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,629",
        "eid": 987,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\MonitorRegistry",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:49,629",
        "eid": 988,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:49,644",
        "eid": 989,
        "data": {
          "file": "C:\\Windows\\System32\\mssprxy.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc1ad10000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,644",
        "eid": 990,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AB310581-AC80-11D1-8DF3-00C04FB6EF50}\\ProxyStubClsid32\\(Default)",
          "content": "{A5EBA07A-DAE8-4d15-B12F-728EFD8A9866}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,644",
        "eid": 991,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AB310581-AC80-11D1-8DF3-00C04FB6EF55}\\ProxyStubClsid32\\(Default)",
          "content": "{A5EBA07A-DAE8-4d15-B12F-728EFD8A9866}"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:49,644",
        "eid": 992,
        "data": {
          "file": "C:\\Windows\\System32\\propsys.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc27140000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:49,660",
        "eid": 993,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,660",
        "eid": 994,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,660",
        "eid": 995,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
          "content": "%USERPROFILE%\\AppData\\Local"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,660",
        "eid": 996,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3968686040-3210279463-847977608-1001\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,660",
        "eid": 997,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3968686040-3210279463-847977608-1001\\ProfileImagePath",
          "content": "C:\\Users\\admin"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,660",
        "eid": 998,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,660",
        "eid": 999,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot",
          "content": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,660",
        "eid": 1000,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,660",
        "eid": 1001,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\PackageRepositoryRoot",
          "content": "C:\\ProgramData\\Microsoft\\Windows\\AppRepository"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,676",
        "eid": 1002,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-300300000000}\\Data",
          "content": "\\xd6\r\\x00\\x00\r\\xf0\\xad\\xbaA\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\x06\\xe7\\x03\\xff\\x00\\x00\\x00\\x16\\x00\\x00\\x00&\\x00\\xbc\\x12\\x1f\\x00\\x00\\x00\\x04@\\x00\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00O\\x00R\\x00A\\x00G\\x00E\\x00#\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00#\\x00{\\x00e\\x003\\x002\\x00a\\x009\\x004\\x004\\x002\\x00-\\x005\\x00a\\x00f\\x002\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x00a\\x00e\\x002\\x00c\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00#\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x003\\x003\\x000\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0
0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,676",
        "eid": 1003,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-300300000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,676",
        "eid": 1004,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-300300000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,676",
        "eid": 1005,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DontShowSuperHidden",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,676",
        "eid": 1006,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellState",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,676",
        "eid": 1007,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellState",
          "content": "$\\x00\\x00\\x004(\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x13\\x00\\x00\\x00\\x00\\x00\\x00\\x00b\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,676",
        "eid": 1008,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoWebView",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,676",
        "eid": 1009,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ClassicShell",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1010,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\SeparateProcess",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1011,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNetCrawling",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1012,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-100000000000}\\Data",
          "content": "\\xd6\r\\x00\\x00\r\\xf0\\xad\\xba\\x01\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\x06\\xe7\\x03\\xff\\x00\\x00\\x00\\x16\\x00\\x00\\x00R\\xbd\\xbb\\x88\\x1e\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00O\\x00R\\x00A\\x00G\\x00E\\x00#\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00#\\x00{\\x00e\\x003\\x002\\x00a\\x009\\x004\\x004\\x002\\x00-\\x005\\x00a\\x00f\\x002\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x00a\\x00e\\x002\\x00c\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00#\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x001\\x000\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\
\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1013,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1014,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1015,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-300300000000}\\Data",
          "content": "\\xd6\r\\x00\\x00\r\\xf0\\xad\\xbaA\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\x06\\xe7\\x03\\xff\\x00\\x00\\x00\\x16\\x00\\x00\\x00&\\x00\\xbc\\x12\\x1f\\x00\\x00\\x00\\x04@\\x00\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00O\\x00R\\x00A\\x00G\\x00E\\x00#\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00#\\x00{\\x00e\\x003\\x002\\x00a\\x009\\x004\\x004\\x002\\x00-\\x005\\x00a\\x00f\\x002\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x00a\\x00e\\x002\\x00c\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00#\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x003\\x003\\x000\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0
0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1016,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\DontPrettyPath",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1017,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-300300000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1018,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowInfoTip",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1019,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideIcons",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1020,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\MapNetDrvBtn",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1021,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-c0dd0e000000}\\Data",
          "content": "\\xd6\r\\x00\\x00\r\\xf0\\xad\\xba\\x01\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\x06\\xe7\\x03\\xff\\x00\\x00\\x00\\x16\\x00\\x00\\x00\\x9d\\x7f\\xd7`\\x1e\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00O\\x00R\\x00A\\x00G\\x00E\\x00#\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00#\\x00{\\x00e\\x003\\x002\\x00a\\x009\\x004\\x004\\x002\\x00-\\x005\\x00a\\x00f\\x002\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x00a\\x00e\\x002\\x00c\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00#\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00E\\x00D\\x00D\\x00C\\x000\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\
\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1022,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\WebView",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1023,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Filter",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1024,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-c0dd0e000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1025,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowSuperHidden",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1026,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\SeparateProcess",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1027,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e32a94c0-5af2-11f1-ae2c-806e6f6e6963}\\Data",
          "content": "\\xd6\r\\x00\\x00\r\\xf0\\xad\\xba\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x80#\\x00\\x00\\x00\\x07\\x02H\\x01\\xfe\\x00\\x00\\x00\\x11\\x00\\x00\\x00x\\x00'\\xca\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00C\\x00S\\x00I\\x00#\\x00C\\x00d\\x00R\\x00o\\x00m\\x00&\\x00V\\x00e\\x00n\\x00_\\x00<\\x00W\\x00O\\x00O\\x00T\\x00>\\x00&\\x00P\\x00r\\x00o\\x00d\\x00_\\x00H\\x00L\\x00-\\x00P\\x00Q\\x00-\\x00S\\x00V\\x00_\\x00W\\x00B\\x008\\x00#\\x004\\x00&\\x003\\x005\\x004\\x002\\x004\\x008\\x006\\x007\\x00&\\x000\\x00&\\x000\\x001\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0
0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1028,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\IconsOnly",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1029,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowTypeOverlay",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1030,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e32a94c0-5af2-11f1-ae2c-806e6f6e6963}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1031,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowStatusBar",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1032,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\DocObject",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1033,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1034,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1035,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\BrowseInPlace",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1036,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1037,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1038,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\IsShortcut",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1039,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\IsShortcut",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1040,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\IsShortcut",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1041,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\AlwaysShowExt",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1042,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\NeverShowExt",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1043,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\NeverShowExt",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1044,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\NeverShowExt",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1045,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1046,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Name",
          "content": "Start Menu"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1047,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\ParentFolder",
          "content": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1048,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1049,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\RelativePath",
          "content": "Microsoft\\Windows\\Start Menu"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1050,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1051,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1052,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21786"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1053,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1054,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1055,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1056,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1057,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1058,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1059,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1060,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1061,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1062,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1063,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1064,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1065,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1066,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Start Menu",
          "content": "%USERPROFILE%\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1067,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Category",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1068,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Name",
          "content": "Common Start Menu"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1069,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\ParentFolder",
          "content": "{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1070,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1071,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\RelativePath",
          "content": "Microsoft\\Windows\\Start Menu"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1072,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1073,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1074,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21786"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1075,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1076,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1077,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1078,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1079,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1080,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1081,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1082,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1083,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1084,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1085,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1086,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1087,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1088,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Common Start Menu",
          "content": "%ProgramData%\\Microsoft\\Windows\\Start Menu"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1089,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1090,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Name",
          "content": "Recent"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1091,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\ParentFolder",
          "content": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1092,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1093,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\RelativePath",
          "content": "Microsoft\\Windows\\Recent"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1094,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1095,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\InfoTip",
          "content": "@shell32,dll,-12692"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1096,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21797"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1097,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-117"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1098,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1099,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1100,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1101,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1102,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1103,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1104,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1105,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1106,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1107,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1108,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1109,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1110,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Recent",
          "content": "%USERPROFILE%\\AppData\\Roaming\\Microsoft\\Windows\\Recent"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1111,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1112,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Name",
          "content": "Windows"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1113,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1114,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1115,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1116,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1117,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1118,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1119,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1120,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1121,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1122,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1123,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1124,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1125,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1126,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1127,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1128,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1129,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1130,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,691",
        "eid": 1131,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1132,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1133,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Name",
          "content": "System"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1134,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1135,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1136,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1137,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1138,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1139,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1140,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1141,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1142,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1143,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1144,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1145,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1146,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1147,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1148,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1149,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1150,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1151,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1152,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1153,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1154,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Name",
          "content": "Personal"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1155,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1156,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1157,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\RelativePath",
          "content": "Documents"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1158,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\ParsingName",
          "content": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1159,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1160,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\windows.storage.dll,-21770"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1161,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-112"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1162,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1163,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1164,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1165,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1166,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Roamable",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1167,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1168,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1169,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1170,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1171,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1172,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1173,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1174,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Personal",
          "content": "%USERPROFILE%\\Documents"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1175,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1176,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Name",
          "content": "Fonts"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1177,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\ParentFolder",
          "content": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1178,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1179,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1180,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1181,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1182,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1183,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1184,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1185,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1186,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1187,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1188,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1189,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1190,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1191,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1192,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1193,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1194,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1195,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1196,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\DriveMask",
          "content": "32"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:49,707",
        "eid": 1197,
        "data": {
          "file": "C:\\Windows\\System32\\windows.storage.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc288b0000"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-05-28 21:41:49,723",
        "eid": 1198,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:41:49,723",
        "eid": 1199,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-05-28 21:41:49,723",
        "eid": 1200,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-05-28 21:41:49,723",
        "eid": 1201,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-05-28 21:41:54,629",
        "eid": 1202,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:41:54,629",
        "eid": 1203,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-05-28 21:41:54,738",
        "eid": 1204,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:41:54,738",
        "eid": 1205,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-05-28 21:41:59,754",
        "eid": 1206,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:41:59,754",
        "eid": 1207,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:41:59,754",
        "eid": 1208,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-05-28 21:41:59,754",
        "eid": 1209,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-05-28 21:41:59,754",
        "eid": 1210,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-05-28 21:41:59,754",
        "eid": 1211,
        "data": {
          "file": "\\Device\\NamedPipe\\LOCAL\\mojo.2208.10956.8882597667698512199"
        }
      },
      {
        "event": "start",
        "object": "service",
        "timestamp": "2026-05-28 21:42:03,573",
        "eid": 1212,
        "data": {
          "service": "GoogleUpdaterService149.0.7814.0"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:43:46,386",
        "eid": 1213,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc297d0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:02,386",
        "eid": 1214,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc297d0000"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-05-28 21:44:24,183",
        "eid": 1215,
        "data": {
          "file": "C:\\Windows\\system32\\DllHost.exe /Processid:{7966B4D8-4FDC-4126-A10B-39A3209AD251}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:43:59,182",
        "eid": 1216,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:43:59,182",
        "eid": 1217,
        "data": {
          "file": "LPK",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:43:59,182",
        "eid": 1218,
        "data": {
          "file": "GDI32",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:43:59,182",
        "eid": 1219,
        "data": {
          "file": "advapi32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:43:59,182",
        "eid": 1220,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2d0f0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:43:59,182",
        "eid": 1221,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:43:59,182",
        "eid": 1222,
        "data": {
          "file": "user32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2c7c0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:43:59,182",
        "eid": 1223,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:43:59,182",
        "eid": 1224,
        "data": {
          "file": "advapi32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:43:59,182",
        "eid": 1225,
        "data": {
          "file": "api-ms-win-core-synch-l1-2-0.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:43:59,182",
        "eid": 1226,
        "data": {
          "file": "gdi32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2cb50000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:43:59,182",
        "eid": 1227,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:43:59,197",
        "eid": 1228,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:43:59,760",
        "eid": 1229,
        "data": {
          "file": "api-ms-win-core-synch-l1-2-0.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:43:59,760",
        "eid": 1230,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:43:59,760",
        "eid": 1231,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\TaskManager\\StartUpTab",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:43:59,760",
        "eid": 1232,
        "data": {
          "file": "Comctl32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc171f0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:43:59,760",
        "eid": 1233,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:43:59,760",
        "eid": 1234,
        "data": {
          "file": "comctl32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc171f0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:43:59,760",
        "eid": 1235,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:43:59,775",
        "eid": 1236,
        "data": {
          "file": "C:\\Windows\\System32\\duser.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc1c720000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:43:59,775",
        "eid": 1237,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:43:59,807",
        "eid": 1238,
        "data": {
          "file": "C:\\Windows\\System32\\uxtheme.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc28160000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:43:59,885",
        "eid": 1239,
        "data": {
          "file": "user32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2c7c0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:43:59,885",
        "eid": 1240,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:43:59,885",
        "eid": 1241,
        "data": {
          "file": "C:\\Windows\\system32\\rpcss.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:00,104",
        "eid": 1242,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:00,104",
        "eid": 1243,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:00,104",
        "eid": 1244,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:00,104",
        "eid": 1245,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:00,307",
        "eid": 1246,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-AU",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:00,307",
        "eid": 1247,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-AU",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:00,307",
        "eid": 1248,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\TaskManager\\Preferences",
          "content": "\r\\x00\\x00\\x00`\\x00\\x00\\x00`\\x00\\x00\\x00\\x82\\x00\\x00\\x00\\x82\\x00\\x00\\x00\\xfd\\x01\\x00\\x00\\xf6\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x80\\xd8\\x01\\x00\\x80\\xdf\\x01\\x00\\x80\\x00\\x01\\x00\\x01\\xc1\\x01\\x00\\x00,\\x01\\x00\\x00i\\x04\\x00\\x00\\x84\\x03\\x00\\x00\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0f\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xaa\\xef\\x99\\xf7\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xea\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x89\\x90\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\x00\\x00\\x00\\x01\\x01P\\x02\\x00\\x00\\x00\\x00\r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98\\xaa\\xef\\x99\\xf7\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x96\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x8b\\x90\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x10\\x01\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\xaa\\xef\\x99\\xf7\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xffx\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x8c\\x90\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x02\\x12\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc8\\xaa\\xef\\x99\\xf7\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x96\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x8d\\x90\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x10\\x01\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe8\\xaa\\xef\\x99\\xf7\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff2\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x8a\\x90\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08 
\\x01\\x00\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xab\\xef\\x99\\xf7\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xc8\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x8e\\x90\\x00\\x00\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x10\\x01\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\xab\\xef\\x99\\xf7\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x04\\x01\\x00\\x00\\x1e\\x00\\x00\\x00\\x8f\\x90\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x10\\x01\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xab\\xef\\x99\\xf7\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xffI\\x00\\x00\\x00"
        }
      },
      {
        "event": "delete",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:00,307",
        "eid": 1249,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\TaskManager\\Preferences"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:00,307",
        "eid": 1250,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\TaskManager\\UseStatusSetting",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:00,307",
        "eid": 1251,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\TaskManager\\StartUpTab",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:00,307",
        "eid": 1252,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:00,307",
        "eid": 1253,
        "data": {
          "file": "Comctl32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc171f0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:00,307",
        "eid": 1254,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:00,307",
        "eid": 1255,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:00,307",
        "eid": 1256,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:00,494",
        "eid": 1257,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:00,494",
        "eid": 1258,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:00,494",
        "eid": 1259,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0\\Disable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:00,494",
        "eid": 1260,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0\\DataFilePath",
          "content": "C:\\Windows\\Fonts\\staticcache.dat"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:00,494",
        "eid": 1261,
        "data": {
          "file": "C:\\Windows\\Fonts\\StaticCache.dat"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:00,744",
        "eid": 1262,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane1",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:00,744",
        "eid": 1263,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane2",
          "content": "SimSun-ExtB"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:00,744",
        "eid": 1264,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane3",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:00,744",
        "eid": 1265,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane4",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:00,744",
        "eid": 1266,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane5",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:00,744",
        "eid": 1267,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane6",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:00,744",
        "eid": 1268,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane7",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:00,744",
        "eid": 1269,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane8",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:00,744",
        "eid": 1270,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane9",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:00,744",
        "eid": 1271,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane10",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:00,744",
        "eid": 1272,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane11",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:00,744",
        "eid": 1273,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane12",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:00,744",
        "eid": 1274,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane13",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:00,744",
        "eid": 1275,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane14",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:00,744",
        "eid": 1276,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane15",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:00,744",
        "eid": 1277,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane16",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:00,744",
        "eid": 1278,
        "data": {
          "file": "C:\\Windows\\system32\\taskmgr.exe",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:00,744",
        "eid": 1279,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:00,744",
        "eid": 1280,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE\\LaunchUserOOBE",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:00,744",
        "eid": 1281,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:01,869",
        "eid": 1282,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions\\000603xx",
          "content": "kernel32.dll"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:01,869",
        "eid": 1283,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2cff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:01,869",
        "eid": 1284,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:01,869",
        "eid": 1285,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\EnableAnchorContext",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:01,869",
        "eid": 1286,
        "data": {
          "file": "ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:01,869",
        "eid": 1287,
        "data": {
          "file": "ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2c7c0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:01,869",
        "eid": 1288,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:01,869",
        "eid": 1289,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:01,869",
        "eid": 1290,
        "data": {
          "file": "user32",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2c7c0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:01,869",
        "eid": 1291,
        "data": {
          "file": "ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2c7c0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:01,869",
        "eid": 1292,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:01,869",
        "eid": 1293,
        "data": {
          "file": "api-ms-win-core-com-l1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b400000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:01,869",
        "eid": 1294,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:01,869",
        "eid": 1295,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:01,869",
        "eid": 1296,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\IsVailContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:01,869",
        "eid": 1297,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Input\\ResyncResetTime",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:01,869",
        "eid": 1298,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Input\\MaxResyncAttempts",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:01,869",
        "eid": 1299,
        "data": {
          "file": "iertutil.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:01,869",
        "eid": 1300,
        "data": {
          "file": "USER32",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:01,869",
        "eid": 1301,
        "data": {
          "file": "C:\\Windows\\System32\\msctf.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b280000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:01,869",
        "eid": 1302,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:01,869",
        "eid": 1303,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:01,869",
        "eid": 1304,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:02,307",
        "eid": 1305,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\PolicyType",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:02,307",
        "eid": 1306,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\Behavior",
          "content": "8225"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:02,307",
        "eid": 1307,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\MergeAlgorithm",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:02,307",
        "eid": 1308,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\RegKeyPathRedirectMapped",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:02,307",
        "eid": 1309,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\RegKeyPathRedirect",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:02,307",
        "eid": 1310,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\RegKeyPathRedirect",
          "content": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:02,307",
        "eid": 1311,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\RegValueNameRedirect",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:02,307",
        "eid": 1312,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\RegValueNameRedirect",
          "content": "HideFastUserSwitching"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:02,307",
        "eid": 1313,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\grouppolicyname",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:02,307",
        "eid": 1314,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\ADMXMetadataUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:02,307",
        "eid": 1315,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\ADMXMetadataDevice",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:02,307",
        "eid": 1316,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\ADMXMetadataBoth",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:02,307",
        "eid": 1317,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\30Value",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:02,307",
        "eid": 1318,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\default\\WindowsLogon\\HideFastUserSwitching\\Value",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:02,307",
        "eid": 1319,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\HideFastUserSwitching",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:02,307",
        "eid": 1320,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\TaskManager\\StartUpTab",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:02,307",
        "eid": 1321,
        "data": {
          "file": "Comctl32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc171f0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:02,307",
        "eid": 1322,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:02,307",
        "eid": 1323,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.UX.UXManager\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:02,307",
        "eid": 1324,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.UX.UXManager\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:02,307",
        "eid": 1325,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.UX.UXManager\\DllPath",
          "content": "C:\\Windows\\System32\\NetworkUXBroker.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:02,307",
        "eid": 1326,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.UX.UXManager\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:02,307",
        "eid": 1327,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.UX.UXManager\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:02,307",
        "eid": 1328,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.UX.UXManager\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:02,307",
        "eid": 1329,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.UX.UXManager\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:02,307",
        "eid": 1330,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.UX.UXManager\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:02,307",
        "eid": 1331,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.UX.UXManager\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:02,307",
        "eid": 1332,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.UX.UXManager\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:02,307",
        "eid": 1333,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Networking.UX.UXManager\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:02,307",
        "eid": 1334,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\MaxSxSHashCount",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:02,604",
        "eid": 1335,
        "data": {
          "file": "C:\\Windows\\System32\\NetworkUXBroker.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc1d240000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:02,604",
        "eid": 1336,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:02,604",
        "eid": 1337,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\AdminCapabilities\\shellExperience",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:02,604",
        "eid": 1338,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.DAMediaManager\\Active",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:02,604",
        "eid": 1339,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.DAMediaManager\\MediaType",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:02,604",
        "eid": 1340,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.EthernetMediaManager\\Active",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:02,604",
        "eid": 1341,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.EthernetMediaManager\\MediaType",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:02,604",
        "eid": 1342,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.MBMediaManager\\Active",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:02,604",
        "eid": 1343,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.MBMediaManager\\MediaType",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:02,604",
        "eid": 1344,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.RasMediaManager\\Active",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:02,604",
        "eid": 1345,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.RasMediaManager\\MediaType",
          "content": "5"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:02,604",
        "eid": 1346,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.WlanMediaManager\\Active",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:02,604",
        "eid": 1347,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkUxManager\\Windows.Networking.UX.Internal.WlanMediaManager\\MediaType",
          "content": "1"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:03,010",
        "eid": 1348,
        "data": {
          "file": "atlthunk.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc0d2a0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:03,010",
        "eid": 1349,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:03,010",
        "eid": 1350,
        "data": {
          "file": "comctl32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc171f0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:03,010",
        "eid": 1351,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:03,010",
        "eid": 1352,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\en-AU",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:03,010",
        "eid": 1353,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\en",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:03,010",
        "eid": 1354,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize\\AppsUseLightTheme",
          "content": "1"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:03,010",
        "eid": 1355,
        "data": {
          "file": "comctl32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc171f0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:03,010",
        "eid": 1356,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:03,010",
        "eid": 1357,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:03,010",
        "eid": 1358,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Segoe UI",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:03,025",
        "eid": 1359,
        "data": {
          "file": "comctl32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc171f0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:03,025",
        "eid": 1360,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:03,025",
        "eid": 1361,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\SmoothScroll",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:03,025",
        "eid": 1362,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\EnableBalloonTips",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:03,025",
        "eid": 1363,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ListviewAlphaSelect",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:03,025",
        "eid": 1364,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ListviewShadow",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:03,025",
        "eid": 1365,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\AccListViewV6",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:03,025",
        "eid": 1366,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\UseDoubleClickTimer",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:03,135",
        "eid": 1367,
        "data": {
          "file": "comctl32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc171f0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:03,135",
        "eid": 1368,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:03,135",
        "eid": 1369,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Segoe UI",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:03,135",
        "eid": 1370,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Segoe UI",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:03,135",
        "eid": 1371,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Segoe UI",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:03,135",
        "eid": 1372,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Segoe UI",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:07,463",
        "eid": 1373,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2d0f0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:07,463",
        "eid": 1374,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,963",
        "eid": 1375,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7ED96837-96F0-4812-B211-F13C24117ED3}\\Instance\\{41945702-8302-44A6-9445-AC98E8AFA086}\\CLSID",
          "content": "{41945702-8302-44A6-9445-AC98E8AFA086}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,963",
        "eid": 1376,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Author",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,963",
        "eid": 1377,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Author",
          "content": "Microsoft Corporation"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,963",
        "eid": 1378,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\FriendlyName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,963",
        "eid": 1379,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\FriendlyName",
          "content": "Microsoft Raw Image Decoder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,963",
        "eid": 1380,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Version",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,963",
        "eid": 1381,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Version",
          "content": "10.0.19041.3636"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,963",
        "eid": 1382,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\SpecVersion",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,963",
        "eid": 1383,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\SpecVersion",
          "content": "1.0.0.0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,963",
        "eid": 1384,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Vendor",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,963",
        "eid": 1385,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Vendor",
          "content": "{F0E749CA-EDEF-4589-A73A-EE0E626A2A2B}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,963",
        "eid": 1386,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,963",
        "eid": 1387,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\InprocServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\MSRAWImage.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,963",
        "eid": 1388,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\ContainerFormat",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,963",
        "eid": 1389,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\ContainerFormat",
          "content": "{FE99CE60-F19C-433C-A3AE-00ACEFA9CA21}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,963",
        "eid": 1390,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\DeviceManufacturer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,963",
        "eid": 1391,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\DeviceModels",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,963",
        "eid": 1392,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\ColorManagementVersion",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,963",
        "eid": 1393,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\ColorManagementVersion",
          "content": "1.0.0.0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,963",
        "eid": 1394,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\MimeTypes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,963",
        "eid": 1395,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\MimeTypes",
          "content": "image/3FR,image/ARI,image/ARW,image/BAY,image/CAP,image/CR2,image/CR3,image/CRW,image/DCS,image/DCR,image/DRF,image/EIP,image/ERF,image/FFF,image/IIQ,image/K25,image/KDC,image/MEF,image/MOS,image/MRW,image/NEF,image/NRW,image/ORF,image/ORI,image/PEF,image/"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,963",
        "eid": 1396,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\FileExtensions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,963",
        "eid": 1397,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\FileExtensions",
          "content": ".3FR,.ARI,.ARW,.BAY,.CAP,.CR2,.CR3,.CRW,.DCS,.DCR,.DRF,.EIP,.ERF,.FFF,.IIQ,.K25,.KDC,.MEF,.MOS,.MRW,.NEF,.NRW,.ORF,.ORI,.PEF,.PTX,.PXN,.RAF,.RAW,.RW2,.RWL,.SR2,.SRF,.SRW,.X3F,.DNG"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,963",
        "eid": 1398,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\SupportAnimation",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,963",
        "eid": 1399,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\SupportChromakey",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,963",
        "eid": 1400,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\SupportLossless",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,963",
        "eid": 1401,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\SupportMultiframe",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,963",
        "eid": 1402,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\ArbitrationPriority",
          "content": "10"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,963",
        "eid": 1403,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,963",
        "eid": 1404,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,963",
        "eid": 1405,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,963",
        "eid": 1406,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,963",
        "eid": 1407,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,963",
        "eid": 1408,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,963",
        "eid": 1409,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,963",
        "eid": 1410,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,963",
        "eid": 1411,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,963",
        "eid": 1412,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,963",
        "eid": 1413,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1414,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1415,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1416,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1417,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1418,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0\\Position",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1419,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1420,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0\\Pattern",
          "content": "MM\\x00*"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1421,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1422,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0\\Mask",
          "content": "\\xff\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1423,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1\\Position",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1424,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1425,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1\\Pattern",
          "content": "II*\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1426,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1427,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1\\Mask",
          "content": "\\xff\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1428,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10\\Position",
          "content": "8"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1429,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1430,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10\\Pattern",
          "content": "MMMMRaw\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1431,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1432,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10\\Mask",
          "content": "\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1433,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11\\Position",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1434,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1435,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11\\Pattern",
          "content": "IIU\\x00\\x08\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1436,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1437,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11\\Mask",
          "content": "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1438,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12\\Position",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1439,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1440,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12\\Pattern",
          "content": "IIU\\x00\\x18\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1441,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1442,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12\\Mask",
          "content": "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1443,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13\\Position",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1444,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1445,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13\\Pattern",
          "content": "FOVb"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1446,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1447,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13\\Mask",
          "content": "\\xff\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1448,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14\\Position",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1449,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1450,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14\\Pattern",
          "content": "ftypcrx "
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1451,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1452,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14\\Mask",
          "content": "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1453,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2\\Position",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1454,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1455,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2\\Pattern",
          "content": "IIRO"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1456,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1457,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2\\Mask",
          "content": "\\xff\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1458,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3\\Position",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1459,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1460,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3\\Pattern",
          "content": "IIRS"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1461,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1462,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3\\Mask",
          "content": "\\xff\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1463,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4\\Position",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1464,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1465,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4\\Pattern",
          "content": "MMOR"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1466,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1467,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4\\Mask",
          "content": "\\xff\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1468,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5\\Position",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1469,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1470,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5\\Pattern",
          "content": "MMSR"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1471,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1472,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5\\Mask",
          "content": "\\xff\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1473,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6\\Position",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1474,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1475,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6\\Pattern",
          "content": "II\\x1a\\x00\\x00\\x00HE"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1476,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1477,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6\\Mask",
          "content": "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1478,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7\\Position",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1479,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1480,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7\\Pattern",
          "content": "FUJIFILM"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1481,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1482,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7\\Mask",
          "content": "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1483,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8\\Position",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1484,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1485,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8\\Pattern",
          "content": "\\x00MRM"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1486,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1487,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8\\Mask",
          "content": "\\xff\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1488,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9\\Position",
          "content": "8"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1489,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1490,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9\\Pattern",
          "content": "IIII\\x00waR"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1491,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,979",
        "eid": 1492,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9\\Mask",
          "content": "\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1493,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7ED96837-96F0-4812-B211-F13C24117ED3}\\Instance\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\CLSID",
          "content": "{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1494,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Author",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1495,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Author",
          "content": "Microsoft Corporation"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1496,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\FriendlyName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1497,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\FriendlyName",
          "content": "Microsoft Camera Raw Decoder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1498,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Version",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1499,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Version",
          "content": "10.0.19041.3636"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1500,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\SpecVersion",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1501,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\SpecVersion",
          "content": "1.0.0.0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1502,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Vendor",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1503,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Vendor",
          "content": "{F0E749CA-EDEF-4589-A73A-EE0E626A2A2B}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1504,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1505,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\InprocServer32\\(Default)",
          "content": "C:\\Windows\\System32\\WindowsCodecsRaw.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1506,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\ContainerFormat",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1507,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\ContainerFormat",
          "content": "{C1FC85CB-D64F-478B-A4EC-69ADC9EE1392}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1508,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\DeviceManufacturer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1509,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\DeviceModels",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1510,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\ColorManagementVersion",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1511,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\ColorManagementVersion",
          "content": "1.0.0.0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1512,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\MimeTypes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1513,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\MimeTypes",
          "content": "image/ARW,image/CR2,image/CRW,image/ERF,image/KDC,image/MRW,image/NEF,image/NRW,image/ORF,image/PEF,image/RAF,image/RAW,image/RW2,image/RWL,image/SR2,image/SRW,image/DNG"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1514,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\FileExtensions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1515,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\FileExtensions",
          "content": ".ARW,.CR2,.CRW,.ERF,.KDC,.MRW,.NEF,.NRW,.ORF,.PEF,.RAF,.RAW,.RW2,.RWL,.SR2,.SRW,.DNG"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1516,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\SupportAnimation",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1517,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\SupportChromakey",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1518,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\SupportLossless",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1519,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\SupportMultiframe",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1520,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\ArbitrationPriority",
          "content": "9"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1521,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1522,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1523,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1524,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1525,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1526,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1527,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1528,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1529,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1530,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1531,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1532,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1533,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1534,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0\\Position",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1535,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1536,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0\\Pattern",
          "content": "MM\\x00*"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1537,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1538,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0\\Mask",
          "content": "\\xff\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1539,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1\\Position",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1540,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1541,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1\\Pattern",
          "content": "II*\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1542,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1543,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1\\Mask",
          "content": "\\xff\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1544,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10\\Position",
          "content": "8"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1545,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1546,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10\\Pattern",
          "content": "MMMMRaw\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1547,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1548,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10\\Mask",
          "content": "\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1549,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11\\Position",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1550,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1551,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11\\Pattern",
          "content": "IIU\\x00\\x08\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1552,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1553,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11\\Mask",
          "content": "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1554,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12\\Position",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1555,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1556,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12\\Pattern",
          "content": "IIU\\x00\\x18\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1557,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1558,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12\\Mask",
          "content": "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1559,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2\\Position",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1560,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1561,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2\\Pattern",
          "content": "IIRO"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1562,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1563,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2\\Mask",
          "content": "\\xff\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1564,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3\\Position",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1565,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1566,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3\\Pattern",
          "content": "IIRS"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1567,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1568,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3\\Mask",
          "content": "\\xff\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1569,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4\\Position",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1570,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1571,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4\\Pattern",
          "content": "MMOR"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1572,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1573,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4\\Mask",
          "content": "\\xff\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1574,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5\\Position",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1575,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1576,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5\\Pattern",
          "content": "MMSR"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1577,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1578,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5\\Mask",
          "content": "\\xff\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:10,994",
        "eid": 1579,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6\\Position",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:11,010",
        "eid": 1580,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:11,010",
        "eid": 1581,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6\\Pattern",
          "content": "II\\x1a\\x00\\x00\\x00HE"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:11,010",
        "eid": 1582,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:11,010",
        "eid": 1583,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6\\Mask",
          "content": "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:11,010",
        "eid": 1584,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7\\Position",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:11,010",
        "eid": 1585,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:11,010",
        "eid": 1586,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7\\Pattern",
          "content": "FUJIFILM"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:11,010",
        "eid": 1587,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:11,010",
        "eid": 1588,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7\\Mask",
          "content": "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:11,010",
        "eid": 1589,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8\\Position",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:11,010",
        "eid": 1590,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:11,010",
        "eid": 1591,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8\\Pattern",
          "content": "\\x00MRM"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:11,010",
        "eid": 1592,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:11,010",
        "eid": 1593,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8\\Mask",
          "content": "\\xff\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:11,010",
        "eid": 1594,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9\\Position",
          "content": "8"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:11,010",
        "eid": 1595,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:11,010",
        "eid": 1596,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9\\Pattern",
          "content": "IIII\\x00waR"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:11,010",
        "eid": 1597,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:11,010",
        "eid": 1598,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9\\Mask",
          "content": "\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:11,010",
        "eid": 1599,
        "data": {
          "file": "Winsta.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "findwindow",
        "object": "windowname",
        "timestamp": "2026-05-28 21:44:11,010",
        "eid": 1600,
        "data": {
          "classname": "Shell_TrayWnd",
          "windowname": ""
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:11,932",
        "eid": 1601,
        "data": {
          "file": "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo5.xml"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:11,932",
        "eid": 1602,
        "data": {
          "file": "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo5.xml"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:11,932",
        "eid": 1603,
        "data": {
          "file": "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo5.xml"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:11,932",
        "eid": 1604,
        "data": {
          "file": "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo5.xml"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:11,932",
        "eid": 1605,
        "data": {
          "file": "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo5.xml"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:11,932",
        "eid": 1606,
        "data": {
          "file": "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo5.xml"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:14,244",
        "eid": 1607,
        "data": {
          "file": "C:\\Windows\\System32\\Windows.UI.Immersive.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc1e400000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:15,150",
        "eid": 1608,
        "data": {
          "file": "advapi32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:15,150",
        "eid": 1609,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:15,150",
        "eid": 1610,
        "data": {
          "file": "USER32.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:15,150",
        "eid": 1611,
        "data": {
          "file": "api-ms-win-core-libraryloader-l1-2-0.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:15,150",
        "eid": 1612,
        "data": {
          "file": "api-ms-win-core-memory-l1-1-2.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:15,150",
        "eid": 1613,
        "data": {
          "file": "NTDLL.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:15,150",
        "eid": 1614,
        "data": {
          "file": "OLEAUT32.DLL",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2ca70000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:15,150",
        "eid": 1615,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:15,150",
        "eid": 1616,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{618736E0-3C3D-11CF-810C-00AA00389B71}\\ProxyStubClsid32\\(Default)",
          "content": "{03022430-ABC4-11D0-BDE2-00AA001A1953}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:15,166",
        "eid": 1617,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\AccListViewV6",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:15,166",
        "eid": 1618,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\UseDoubleClickTimer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:15,338",
        "eid": 1619,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Segoe UI",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:15,338",
        "eid": 1620,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Segoe UI",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:15,525",
        "eid": 1621,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Segoe UI",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:15,525",
        "eid": 1622,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Segoe UI",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:15,525",
        "eid": 1623,
        "data": {
          "file": "comctl32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc171f0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:15,525",
        "eid": 1624,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:15,697",
        "eid": 1625,
        "data": {
          "file": "comctl32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc171f0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:15,697",
        "eid": 1626,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:15,697",
        "eid": 1627,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Segoe UI",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:15,697",
        "eid": 1628,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:15,697",
        "eid": 1629,
        "data": {
          "file": "comctl32",
          "pathtofile": null,
          "moduleaddress": "0x7ffc171f0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:15,697",
        "eid": 1630,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:15,697",
        "eid": 1631,
        "data": {
          "file": "Comctl32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc171f0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:15,697",
        "eid": 1632,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:15,885",
        "eid": 1633,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Segoe UI",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:15,885",
        "eid": 1634,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\TaskManager\\StartUpTab",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:15,885",
        "eid": 1635,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:16,463",
        "eid": 1636,
        "data": {
          "file": "srumapi.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc19c60000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:16,463",
        "eid": 1637,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:18,182",
        "eid": 1638,
        "data": {
          "file": "C:\\Windows\\System32\\srumapi.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc19c60000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:18,182",
        "eid": 1639,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{26460E96-1D01-43E4-9FB8-B7ED958F362B}\\ProxyStubClsid32\\(Default)",
          "content": "{71A5EC7F-F325-4376-9D94-622C372E256F}"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:21,135",
        "eid": 1640,
        "data": {
          "file": "api-ms-win-eventing-provider-l1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:21,135",
        "eid": 1641,
        "data": {
          "file": "api-ms-win-core-synch-l1-2-0.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:21,135",
        "eid": 1642,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,135",
        "eid": 1643,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,135",
        "eid": 1644,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Name",
          "content": "ProgramFilesX86"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,135",
        "eid": 1645,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,135",
        "eid": 1646,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,135",
        "eid": 1647,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,135",
        "eid": 1648,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,135",
        "eid": 1649,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,135",
        "eid": 1650,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21817"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,135",
        "eid": 1651,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,135",
        "eid": 1652,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,135",
        "eid": 1653,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,135",
        "eid": 1654,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,135",
        "eid": 1655,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,135",
        "eid": 1656,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,135",
        "eid": 1657,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,135",
        "eid": 1658,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,135",
        "eid": 1659,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,135",
        "eid": 1660,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,135",
        "eid": 1661,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,135",
        "eid": 1662,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,135",
        "eid": 1663,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,135",
        "eid": 1664,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ProgramFilesDir (x86)",
          "content": "C:\\Program Files (x86)"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,135",
        "eid": 1665,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,150",
        "eid": 1666,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Name",
          "content": "ProgramFilesX64"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,150",
        "eid": 1667,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,166",
        "eid": 1668,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,166",
        "eid": 1669,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1670,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1671,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1672,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1673,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1674,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1675,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1676,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1677,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1678,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1679,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1680,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1681,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1682,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1683,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1684,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1685,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1686,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ProgramFilesDir",
          "content": "C:\\Program Files"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1687,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1688,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Name",
          "content": "SystemX86"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1689,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1690,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1691,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1692,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1693,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1694,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1695,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1696,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1697,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1698,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1699,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1700,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1701,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1702,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1703,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1704,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1705,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1706,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1707,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1708,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1709,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Name",
          "content": "System"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1710,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1711,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1712,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1713,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1714,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1715,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1716,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1717,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1718,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1719,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1720,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1721,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1722,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1723,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1724,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1725,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1726,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1727,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,197",
        "eid": 1728,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "findwindow",
        "object": "windowname",
        "timestamp": "2026-05-28 21:44:21,213",
        "eid": 1729,
        "data": {
          "classname": "Shell_TrayWnd",
          "windowname": ""
        }
      },
      {
        "event": "findwindow",
        "object": "windowname",
        "timestamp": "2026-05-28 21:44:21,213",
        "eid": 1730,
        "data": {
          "classname": "Shell_TrayWnd",
          "windowname": ""
        }
      },
      {
        "event": "findwindow",
        "object": "windowname",
        "timestamp": "2026-05-28 21:44:21,213",
        "eid": 1731,
        "data": {
          "classname": "Shell_TrayWnd",
          "windowname": ""
        }
      },
      {
        "event": "findwindow",
        "object": "windowname",
        "timestamp": "2026-05-28 21:44:21,213",
        "eid": 1732,
        "data": {
          "classname": "Shell_TrayWnd",
          "windowname": ""
        }
      },
      {
        "event": "findwindow",
        "object": "windowname",
        "timestamp": "2026-05-28 21:44:21,229",
        "eid": 1733,
        "data": {
          "classname": "Shell_TrayWnd",
          "windowname": ""
        }
      },
      {
        "event": "findwindow",
        "object": "windowname",
        "timestamp": "2026-05-28 21:44:21,244",
        "eid": 1734,
        "data": {
          "classname": "Shell_TrayWnd",
          "windowname": ""
        }
      },
      {
        "event": "findwindow",
        "object": "windowname",
        "timestamp": "2026-05-28 21:44:21,307",
        "eid": 1735,
        "data": {
          "classname": "Shell_TrayWnd",
          "windowname": ""
        }
      },
      {
        "event": "findwindow",
        "object": "windowname",
        "timestamp": "2026-05-28 21:44:21,307",
        "eid": 1736,
        "data": {
          "classname": "Shell_TrayWnd",
          "windowname": ""
        }
      },
      {
        "event": "findwindow",
        "object": "windowname",
        "timestamp": "2026-05-28 21:44:21,307",
        "eid": 1737,
        "data": {
          "classname": "Shell_TrayWnd",
          "windowname": ""
        }
      },
      {
        "event": "findwindow",
        "object": "windowname",
        "timestamp": "2026-05-28 21:44:21,307",
        "eid": 1738,
        "data": {
          "classname": "Shell_TrayWnd",
          "windowname": ""
        }
      },
      {
        "event": "findwindow",
        "object": "windowname",
        "timestamp": "2026-05-28 21:44:21,322",
        "eid": 1739,
        "data": {
          "classname": "Shell_TrayWnd",
          "windowname": ""
        }
      },
      {
        "event": "findwindow",
        "object": "windowname",
        "timestamp": "2026-05-28 21:44:21,322",
        "eid": 1740,
        "data": {
          "classname": "Shell_TrayWnd",
          "windowname": ""
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,322",
        "eid": 1741,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,322",
        "eid": 1742,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Name",
          "content": "ProgramFiles"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,322",
        "eid": 1743,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,322",
        "eid": 1744,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,322",
        "eid": 1745,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,322",
        "eid": 1746,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,322",
        "eid": 1747,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,322",
        "eid": 1748,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21781"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,322",
        "eid": 1749,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,322",
        "eid": 1750,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,322",
        "eid": 1751,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,322",
        "eid": 1752,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,322",
        "eid": 1753,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,322",
        "eid": 1754,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,322",
        "eid": 1755,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,322",
        "eid": 1756,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,322",
        "eid": 1757,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,322",
        "eid": 1758,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,322",
        "eid": 1759,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,322",
        "eid": 1760,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,322",
        "eid": 1761,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,322",
        "eid": 1762,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ProgramFilesDir",
          "content": "C:\\Program Files"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:21,322",
        "eid": 1763,
        "data": {
          "file": "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo5.xml"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:21,322",
        "eid": 1764,
        "data": {
          "file": "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo5.xml"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:21,322",
        "eid": 1765,
        "data": {
          "file": "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo5.xml"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:21,338",
        "eid": 1766,
        "data": {
          "file": "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo5.xml"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:21,338",
        "eid": 1767,
        "data": {
          "file": "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo5.xml"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:21,338",
        "eid": 1768,
        "data": {
          "file": "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo5.xml"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:21,338",
        "eid": 1769,
        "data": {
          "file": "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo5.xml"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:21,338",
        "eid": 1770,
        "data": {
          "file": "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo5.xml"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:21,338",
        "eid": 1771,
        "data": {
          "file": "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo5.xml"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:21,338",
        "eid": 1772,
        "data": {
          "file": "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo5.xml"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:21,338",
        "eid": 1773,
        "data": {
          "file": "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo5.xml"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:21,338",
        "eid": 1774,
        "data": {
          "file": "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo5.xml"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1775,
        "data": {
          "file": "C:\\Windows\\System32\\WDI\\LogFiles\\StartupInfo\\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo5.xml"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1776,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1777,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1778,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1779,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run32"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1780,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1781,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1782,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1783,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\StartupFolder"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1784,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1785,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\StartupFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1786,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1787,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Name",
          "content": "Startup"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1788,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\ParentFolder",
          "content": "{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1789,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1790,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\RelativePath",
          "content": "StartUp"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1791,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1792,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1793,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21787"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1794,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1795,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1796,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1797,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1798,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1799,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1800,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1801,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1802,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1803,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1804,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1805,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1806,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1807,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Startup",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1808,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Startup",
          "content": "%USERPROFILE%\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1809,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Category",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1810,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Name",
          "content": "Common Startup"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1811,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\ParentFolder",
          "content": "{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1812,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1813,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\RelativePath",
          "content": "StartUp"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1814,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1815,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1816,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21787"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1817,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1818,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1819,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1820,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1821,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1822,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1823,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1824,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1825,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1826,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1827,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1828,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1829,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1830,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Common Startup",
          "content": "%ProgramData%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1831,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\SecurityHealth",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1832,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\SecurityHealth",
          "content": "%windir%\\system32\\SecurityHealthSystray.exe"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1833,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run\\SecurityHealth",
          "content": "\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1834,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1835,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1836,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1837,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1838,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Max Cached Icons",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1839,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1840,
        "data": {
          "file": "comctl32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc171f0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1841,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1842,
        "data": {
          "file": "comctl32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc171f0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1843,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1844,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1845,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Name",
          "content": "Local AppData"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1846,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1847,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1848,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\RelativePath",
          "content": "AppData\\Local"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1849,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,354",
        "eid": 1850,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,369",
        "eid": 1851,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,369",
        "eid": 1852,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,369",
        "eid": 1853,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,369",
        "eid": 1854,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,369",
        "eid": 1855,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,369",
        "eid": 1856,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\LocalRedirectOnly",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,369",
        "eid": 1857,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,369",
        "eid": 1858,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,369",
        "eid": 1859,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,369",
        "eid": 1860,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PublishExpandedPath",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,369",
        "eid": 1861,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,369",
        "eid": 1862,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,369",
        "eid": 1863,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,369",
        "eid": 1864,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,369",
        "eid": 1865,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
          "content": "%USERPROFILE%\\AppData\\Local"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,369",
        "eid": 1866,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,369",
        "eid": 1867,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Name",
          "content": "Profile"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,369",
        "eid": 1868,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,369",
        "eid": 1869,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,369",
        "eid": 1870,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,369",
        "eid": 1871,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,369",
        "eid": 1872,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,369",
        "eid": 1873,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,369",
        "eid": 1874,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,369",
        "eid": 1875,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,369",
        "eid": 1876,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,369",
        "eid": 1877,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,369",
        "eid": 1878,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,369",
        "eid": 1879,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,369",
        "eid": 1880,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,369",
        "eid": 1881,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,369",
        "eid": 1882,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,369",
        "eid": 1883,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,369",
        "eid": 1884,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,369",
        "eid": 1885,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,369",
        "eid": 1886,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,369",
        "eid": 1887,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3968686040-3210279463-847977608-1001\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,369",
        "eid": 1888,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3968686040-3210279463-847977608-1001\\ProfileImagePath",
          "content": "C:\\Users\\admin"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-05-28 21:44:21,369",
        "eid": 1889,
        "data": {
          "file": "C:\\Users\\admin"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-05-28 21:44:21,369",
        "eid": 1890,
        "data": {
          "file": "C:\\Users\\admin\\AppData\\Local"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:21,369",
        "eid": 1891,
        "data": {
          "file": "C:\\Users\\admin\\AppData\\Local\\IconCache.db"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:21,463",
        "eid": 1892,
        "data": {
          "file": "C:\\Users\\admin\\AppData\\Local\\IconCache.db"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:21,541",
        "eid": 1893,
        "data": {
          "file": "C:\\Users\\admin\\AppData\\Local\\IconCache.db"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:21,557",
        "eid": 1894,
        "data": {
          "file": "C:\\Users\\admin\\AppData\\Local\\IconCache.db"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,635",
        "eid": 1895,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\GlobalAssocChangedCounter",
          "content": "8"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:21,635",
        "eid": 1896,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\GlobalAssocChangedCounter",
          "content": "5"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:22,604",
        "eid": 1897,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\UseDefaultTile",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:22,822",
        "eid": 1898,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:22,822",
        "eid": 1899,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:22,947",
        "eid": 1900,
        "data": {
          "file": "C:\\Windows\\System32\\actxprxy.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc24b40000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:22,947",
        "eid": 1901,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{D782CCBA-AFB0-43F1-94DB-FDA3779EACCB}\\ProxyStubClsid32\\(Default)",
          "content": "{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,135",
        "eid": 1902,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,135",
        "eid": 1903,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,260",
        "eid": 1904,
        "data": {
          "file": "C:\\Windows\\System32\\thumbcache.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc14d00000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,260",
        "eid": 1905,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-05-28 21:44:23,260",
        "eid": 1906,
        "data": {
          "file": "C:\\Users\\admin"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-05-28 21:44:23,260",
        "eid": 1907,
        "data": {
          "file": "C:\\Users\\admin\\AppData\\Local"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-05-28 21:44:23,260",
        "eid": 1908,
        "data": {
          "file": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Explorer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,275",
        "eid": 1909,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\CAPEAgent",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,275",
        "eid": 1910,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\CAPEAgent",
          "content": "\"C:\\Users\\admin\\AppData\\Local\\Microsoft\\WindowsApps\\python.exe\" \"C:\\agent.py\""
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,275",
        "eid": 1911,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run\\CAPEAgent",
          "content": "\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,275",
        "eid": 1912,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,275",
        "eid": 1913,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesMyComputer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,275",
        "eid": 1914,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesRecycleBin",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,275",
        "eid": 1915,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoControlPanel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,275",
        "eid": 1916,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSetFolders",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,275",
        "eid": 1917,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,275",
        "eid": 1918,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,275",
        "eid": 1919,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,275",
        "eid": 1920,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoCommonGroups",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,275",
        "eid": 1921,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,275",
        "eid": 1922,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\CallForAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,275",
        "eid": 1923,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\RestrictedAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,275",
        "eid": 1924,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\FolderValueFlags",
          "content": "1581568"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,275",
        "eid": 1925,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,275",
        "eid": 1926,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\ValidateRegItems",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,275",
        "eid": 1927,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\MonitorRegistry",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,275",
        "eid": 1928,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-300300000000}\\Data",
          "content": "\\xd6\r\\x00\\x00\r\\xf0\\xad\\xbaA\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\x06\\xe7\\x03\\xff\\x00\\x00\\x00\\x16\\x00\\x00\\x00&\\x00\\xbc\\x12\\x1f\\x00\\x00\\x00\\x04@\\x00\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00O\\x00R\\x00A\\x00G\\x00E\\x00#\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00#\\x00{\\x00e\\x003\\x002\\x00a\\x009\\x004\\x004\\x002\\x00-\\x005\\x00a\\x00f\\x002\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x00a\\x00e\\x002\\x00c\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00#\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x003\\x003\\x000\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0
0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,275",
        "eid": 1929,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-300300000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,275",
        "eid": 1930,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-300300000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,322",
        "eid": 1931,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-100000000000}\\Data",
          "content": "\\xd6\r\\x00\\x00\r\\xf0\\xad\\xba\\x01\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\x06\\xe7\\x03\\xff\\x00\\x00\\x00\\x16\\x00\\x00\\x00R\\xbd\\xbb\\x88\\x1e\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00O\\x00R\\x00A\\x00G\\x00E\\x00#\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00#\\x00{\\x00e\\x003\\x002\\x00a\\x009\\x004\\x004\\x002\\x00-\\x005\\x00a\\x00f\\x002\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x00a\\x00e\\x002\\x00c\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00#\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x001\\x000\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\
\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,322",
        "eid": 1932,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,322",
        "eid": 1933,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-300300000000}\\Data",
          "content": "\\xd6\r\\x00\\x00\r\\xf0\\xad\\xbaA\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\x06\\xe7\\x03\\xff\\x00\\x00\\x00\\x16\\x00\\x00\\x00&\\x00\\xbc\\x12\\x1f\\x00\\x00\\x00\\x04@\\x00\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00O\\x00R\\x00A\\x00G\\x00E\\x00#\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00#\\x00{\\x00e\\x003\\x002\\x00a\\x009\\x004\\x004\\x002\\x00-\\x005\\x00a\\x00f\\x002\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x00a\\x00e\\x002\\x00c\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00#\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x003\\x003\\x000\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0
0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,322",
        "eid": 1934,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-300300000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,322",
        "eid": 1935,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-c0dd0e000000}\\Data",
          "content": "\\xd6\r\\x00\\x00\r\\xf0\\xad\\xba\\x01\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\x06\\xe7\\x03\\xff\\x00\\x00\\x00\\x16\\x00\\x00\\x00\\x9d\\x7f\\xd7`\\x1e\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00O\\x00R\\x00A\\x00G\\x00E\\x00#\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00#\\x00{\\x00e\\x003\\x002\\x00a\\x009\\x004\\x004\\x002\\x00-\\x005\\x00a\\x00f\\x002\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x00a\\x00e\\x002\\x00c\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00#\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00E\\x00D\\x00D\\x00C\\x000\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\
\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,322",
        "eid": 1936,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-c0dd0e000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,322",
        "eid": 1937,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e32a94c0-5af2-11f1-ae2c-806e6f6e6963}\\Data",
          "content": "\\xd6\r\\x00\\x00\r\\xf0\\xad\\xba\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x80#\\x00\\x00\\x00\\x07\\x02H\\x01\\xfe\\x00\\x00\\x00\\x11\\x00\\x00\\x00x\\x00'\\xca\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00C\\x00S\\x00I\\x00#\\x00C\\x00d\\x00R\\x00o\\x00m\\x00&\\x00V\\x00e\\x00n\\x00_\\x00<\\x00W\\x00O\\x00O\\x00T\\x00>\\x00&\\x00P\\x00r\\x00o\\x00d\\x00_\\x00H\\x00L\\x00-\\x00P\\x00Q\\x00-\\x00S\\x00V\\x00_\\x00W\\x00B\\x008\\x00#\\x004\\x00&\\x003\\x005\\x004\\x002\\x004\\x008\\x006\\x007\\x00&\\x000\\x00&\\x000\\x001\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0
0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,322",
        "eid": 1938,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e32a94c0-5af2-11f1-ae2c-806e6f6e6963}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,494",
        "eid": 1939,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,494",
        "eid": 1940,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,619",
        "eid": 1941,
        "data": {
          "file": "C:\\Windows\\System32\\propsys.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc27140000"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-05-28 21:44:23,619",
        "eid": 1942,
        "data": {
          "file": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Caches"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:23,635",
        "eid": 1943,
        "data": {
          "file": "C:\\Users\\desktop.ini"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,635",
        "eid": 1944,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DontShowSuperHidden",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,635",
        "eid": 1945,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellState",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,635",
        "eid": 1946,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellState",
          "content": "$\\x00\\x00\\x004(\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x13\\x00\\x00\\x00\\x00\\x00\\x00\\x00b\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,635",
        "eid": 1947,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoWebView",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,635",
        "eid": 1948,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ClassicShell",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,635",
        "eid": 1949,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\SeparateProcess",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,635",
        "eid": 1950,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNetCrawling",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,635",
        "eid": 1951,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,635",
        "eid": 1952,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowCompColor",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,635",
        "eid": 1953,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideFileExt",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,635",
        "eid": 1954,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\DontPrettyPath",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,635",
        "eid": 1955,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowInfoTip",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,635",
        "eid": 1956,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideIcons",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,635",
        "eid": 1957,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\MapNetDrvBtn",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,635",
        "eid": 1958,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\WebView",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,635",
        "eid": 1959,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Filter",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,635",
        "eid": 1960,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowSuperHidden",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,635",
        "eid": 1961,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\SeparateProcess",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,635",
        "eid": 1962,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\NoNetCrawling",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,635",
        "eid": 1963,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\AutoCheckSelect",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,635",
        "eid": 1964,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\IconsOnly",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,635",
        "eid": 1965,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowTypeOverlay",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,635",
        "eid": 1966,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowStatusBar",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,635",
        "eid": 1967,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\DocObject",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,635",
        "eid": 1968,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,635",
        "eid": 1969,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,635",
        "eid": 1970,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\BrowseInPlace",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,635",
        "eid": 1971,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,635",
        "eid": 1972,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,635",
        "eid": 1973,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\IsShortcut",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,635",
        "eid": 1974,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\IsShortcut",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,635",
        "eid": 1975,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\IsShortcut",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,635",
        "eid": 1976,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\AlwaysShowExt",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,635",
        "eid": 1977,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\NeverShowExt",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,635",
        "eid": 1978,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\NeverShowExt",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,635",
        "eid": 1979,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\NeverShowExt",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,635",
        "eid": 1980,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap\\.exe",
          "content": "program"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,635",
        "eid": 1981,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.exe\\Content Type",
          "content": "application/x-msdownload"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,635",
        "eid": 1982,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,650",
        "eid": 1983,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\AllowFileCLSIDJunctions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,650",
        "eid": 1984,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.exe\\(Default)",
          "content": "exefile"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,650",
        "eid": 1985,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\DocObject",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,650",
        "eid": 1986,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\DocObject",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,650",
        "eid": 1987,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\BrowseInPlace",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,650",
        "eid": 1988,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\BrowseInPlace",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,650",
        "eid": 1989,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.exe\\Content Type",
          "content": "application/x-msdownload"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,650",
        "eid": 1990,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\IsShortcut",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,650",
        "eid": 1991,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\IsShortcut",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,650",
        "eid": 1992,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\AlwaysShowExt",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,650",
        "eid": 1993,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\AlwaysShowExt",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,650",
        "eid": 1994,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\NeverShowExt",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,650",
        "eid": 1995,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\NeverShowExt",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,650",
        "eid": 1996,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,650",
        "eid": 1997,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-300300000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,650",
        "eid": 1998,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\SafeProcessSearchMode",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,650",
        "eid": 1999,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,650",
        "eid": 2000,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,650",
        "eid": 2001,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,650",
        "eid": 2002,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,666",
        "eid": 2003,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:23,666",
        "eid": 2004,
        "data": {
          "file": "C:\\Windows\\System32\\conhost.exe"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:23,666",
        "eid": 2005,
        "data": {
          "file": "C:\\Windows\\System32\\conhost.exe"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:23,666",
        "eid": 2006,
        "data": {
          "file": "C:\\Windows\\System32\\conhost.exe"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,666",
        "eid": 2007,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,666",
        "eid": 2008,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,666",
        "eid": 2009,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders\\"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,666",
        "eid": 2010,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders\\StorageDelegateSuppressionPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,666",
        "eid": 2011,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders\\StorageDelegate",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,666",
        "eid": 2012,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,666",
        "eid": 2013,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,666",
        "eid": 2014,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive",
          "content": "\"C:\\Users\\admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,666",
        "eid": 2015,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run\\OneDrive",
          "content": "\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,666",
        "eid": 2016,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,666",
        "eid": 2017,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,666",
        "eid": 2018,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,666",
        "eid": 2019,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,666",
        "eid": 2020,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Discord",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,666",
        "eid": 2021,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Discord",
          "content": "\"C:\\Users\\admin\\AppData\\Local\\Discord\\Update.exe\" --processStart Discord.exe"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,666",
        "eid": 2022,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run\\Discord",
          "content": "\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,666",
        "eid": 2023,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,666",
        "eid": 2024,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,682",
        "eid": 2025,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,682",
        "eid": 2026,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,682",
        "eid": 2027,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,682",
        "eid": 2028,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,682",
        "eid": 2029,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,682",
        "eid": 2030,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,682",
        "eid": 2031,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,682",
        "eid": 2032,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,682",
        "eid": 2033,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,682",
        "eid": 2034,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,697",
        "eid": 2035,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:23,697",
        "eid": 2036,
        "data": {
          "file": "C:\\Windows\\System32\\conhost.exe"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:23,697",
        "eid": 2037,
        "data": {
          "file": "C:\\Windows\\System32\\conhost.exe"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:23,697",
        "eid": 2038,
        "data": {
          "file": "C:\\Windows\\System32\\conhost.exe"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,697",
        "eid": 2039,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,697",
        "eid": 2040,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,697",
        "eid": 2041,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,697",
        "eid": 2042,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,697",
        "eid": 2043,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:23,697",
        "eid": 2044,
        "data": {
          "file": "C:\\Windows\\System32\\conhost.exe"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:23,697",
        "eid": 2045,
        "data": {
          "file": "C:\\Windows\\System32\\conhost.exe"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:23,697",
        "eid": 2046,
        "data": {
          "file": "C:\\Windows\\System32\\conhost.exe"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,697",
        "eid": 2047,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,697",
        "eid": 2048,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,697",
        "eid": 2049,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,697",
        "eid": 2050,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,697",
        "eid": 2051,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,697",
        "eid": 2052,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,697",
        "eid": 2053,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,697",
        "eid": 2054,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,697",
        "eid": 2055,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,697",
        "eid": 2056,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,697",
        "eid": 2057,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,697",
        "eid": 2058,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,697",
        "eid": 2059,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,697",
        "eid": 2060,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,713",
        "eid": 2061,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,713",
        "eid": 2062,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,713",
        "eid": 2063,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,713",
        "eid": 2064,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,713",
        "eid": 2065,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,760",
        "eid": 2066,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:23,760",
        "eid": 2067,
        "data": {
          "file": "C:\\Windows\\System32\\conhost.exe"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:23,760",
        "eid": 2068,
        "data": {
          "file": "C:\\Windows\\System32\\conhost.exe"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:23,760",
        "eid": 2069,
        "data": {
          "file": "C:\\Windows\\System32\\conhost.exe"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,760",
        "eid": 2070,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,760",
        "eid": 2071,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:23,760",
        "eid": 2072,
        "data": {
          "file": "C:\\Windows\\System32\\conhost.exe"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:23,760",
        "eid": 2073,
        "data": {
          "file": "C:\\Windows\\System32\\conhost.exe"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:23,760",
        "eid": 2074,
        "data": {
          "file": "C:\\Windows\\System32\\conhost.exe"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,760",
        "eid": 2075,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,760",
        "eid": 2076,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:23,760",
        "eid": 2077,
        "data": {
          "file": "C:\\Windows\\System32\\conhost.exe"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:23,760",
        "eid": 2078,
        "data": {
          "file": "C:\\Windows\\System32\\conhost.exe"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:23,760",
        "eid": 2079,
        "data": {
          "file": "C:\\Windows\\System32\\conhost.exe"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,760",
        "eid": 2080,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,760",
        "eid": 2081,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:23,775",
        "eid": 2082,
        "data": {
          "file": "C:\\Windows\\System32\\conhost.exe"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:23,775",
        "eid": 2083,
        "data": {
          "file": "C:\\Windows\\System32\\conhost.exe"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:23,775",
        "eid": 2084,
        "data": {
          "file": "C:\\Windows\\System32\\conhost.exe"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,775",
        "eid": 2085,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Steam",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,775",
        "eid": 2086,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Steam",
          "content": "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,775",
        "eid": 2087,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run\\Steam",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,775",
        "eid": 2088,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,775",
        "eid": 2089,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,775",
        "eid": 2090,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,775",
        "eid": 2091,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,775",
        "eid": 2092,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,775",
        "eid": 2093,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,775",
        "eid": 2094,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:23,775",
        "eid": 2095,
        "data": {
          "file": "C:\\Windows\\System32\\conhost.exe"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:23,775",
        "eid": 2096,
        "data": {
          "file": "C:\\Windows\\System32\\conhost.exe"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:23,775",
        "eid": 2097,
        "data": {
          "file": "C:\\Windows\\System32\\conhost.exe"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,775",
        "eid": 2098,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,775",
        "eid": 2099,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,775",
        "eid": 2100,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,775",
        "eid": 2101,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,775",
        "eid": 2102,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,775",
        "eid": 2103,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,775",
        "eid": 2104,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,775",
        "eid": 2105,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,775",
        "eid": 2106,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,775",
        "eid": 2107,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,775",
        "eid": 2108,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,775",
        "eid": 2109,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,775",
        "eid": 2110,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,775",
        "eid": 2111,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,775",
        "eid": 2112,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,775",
        "eid": 2113,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,791",
        "eid": 2114,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,791",
        "eid": 2115,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,791",
        "eid": 2116,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,791",
        "eid": 2117,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,791",
        "eid": 2118,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:23,791",
        "eid": 2119,
        "data": {
          "file": "C:\\Windows\\System32\\conhost.exe"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:23,791",
        "eid": 2120,
        "data": {
          "file": "C:\\Windows\\System32\\conhost.exe"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:23,791",
        "eid": 2121,
        "data": {
          "file": "C:\\Windows\\System32\\conhost.exe"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,791",
        "eid": 2122,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,791",
        "eid": 2123,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,838",
        "eid": 2124,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,838",
        "eid": 2125,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,854",
        "eid": 2126,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,854",
        "eid": 2127,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-300300000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:23,854",
        "eid": 2128,
        "data": {
          "file": "C:\\Program Files (x86)\\desktop.ini"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,854",
        "eid": 2129,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,854",
        "eid": 2130,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,854",
        "eid": 2131,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:23,854",
        "eid": 2132,
        "data": {
          "file": "C:\\Windows\\System32\\conhost.exe"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:23,854",
        "eid": 2133,
        "data": {
          "file": "C:\\Windows\\System32\\conhost.exe"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-05-28 21:44:23,854",
        "eid": 2134,
        "data": {
          "file": "C:\\Windows\\System32\\conhost.exe"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,854",
        "eid": 2135,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\MicrosoftEdgeAutoLaunch_29EBC4579851B72EE312C449CF839B1A",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,854",
        "eid": 2136,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\MicrosoftEdgeAutoLaunch_29EBC4579851B72EE312C449CF839B1A",
          "content": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --no-startup-window --win-session-start"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,854",
        "eid": 2137,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run\\MicrosoftEdgeAutoLaunch_29EBC4579851B72EE312C449CF839B1A",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,854",
        "eid": 2138,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,854",
        "eid": 2139,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,854",
        "eid": 2140,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Internal.StartupTaskInternal\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,854",
        "eid": 2141,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Internal.StartupTaskInternal\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,854",
        "eid": 2142,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Internal.StartupTaskInternal\\DllPath",
          "content": "C:\\Windows\\System32\\Windows.ApplicationModel.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,854",
        "eid": 2143,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Internal.StartupTaskInternal\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,854",
        "eid": 2144,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Internal.StartupTaskInternal\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,854",
        "eid": 2145,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Internal.StartupTaskInternal\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,854",
        "eid": 2146,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Internal.StartupTaskInternal\\ActivateAsUser",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,854",
        "eid": 2147,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Internal.StartupTaskInternal\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,854",
        "eid": 2148,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Internal.StartupTaskInternal\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,854",
        "eid": 2149,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Internal.StartupTaskInternal\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:23,854",
        "eid": 2150,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Internal.StartupTaskInternal\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,994",
        "eid": 2151,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:23,994",
        "eid": 2152,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:24,275",
        "eid": 2153,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:24,275",
        "eid": 2154,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:24,369",
        "eid": 2155,
        "data": {
          "file": "C:\\Windows\\System32\\Windows.ApplicationModel.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc19ae0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:24,369",
        "eid": 2156,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,369",
        "eid": 2157,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\AdminCapabilities\\automatedAppLaunch",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,369",
        "eid": 2158,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\AdminCapabilities\\automatedAppLaunch",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2159,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2160,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2161,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\DllPath",
          "content": "C:\\Windows\\System32\\combase.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2162,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2163,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2164,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2165,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2166,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2167,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2168,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2169,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Diagnostics.AsyncCausalityTracer\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2170,
        "data": {
          "file": "C:\\Windows\\System32\\combase.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc2b400000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2171,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2172,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.ApplicationExtension\\ActivationType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2173,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.ApplicationExtension\\Server",
          "content": "StateRepository"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2174,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.ApplicationExtension\\DllPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2175,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.ApplicationExtension\\Threading",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2176,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.ApplicationExtension\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2177,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.ApplicationExtension\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2178,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.ApplicationExtension\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2179,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.ApplicationExtension\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2180,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.ApplicationExtension\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2181,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.ApplicationExtension\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2182,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.ApplicationExtension\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2183,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2184,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\CommandLine",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2185,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\IdentityType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2186,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2187,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Permissions",
          "content": "\\x01\\x00\\x14\\x80\\x9c\\x00\\x00\\x00\\xa8\\x00\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00l\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x1f\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x1f\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x008\\x00\\x1f\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00!\\x02\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2188,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ActivatableClasses",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2189,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServerType",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2190,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\AppId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2191,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Identity",
          "content": "nt authority\\system"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2192,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServiceName",
          "content": "StateRepository"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2193,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExplicitPsmActivationType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2194,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{b94b62a2-4012-4b7e-a395-f21cc665fd12}\\ProxyStubClsid32\\(Default)",
          "content": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2195,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2196,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2197,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2198,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2199,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2200,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\\\Windows.StateRepositoryPS.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2201,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2202,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2203,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2204,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2205,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2206,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2207,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\\\Windows.StateRepositoryPS.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2208,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,416",
        "eid": 2209,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\AppID",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:24,713",
        "eid": 2210,
        "data": {
          "file": "C:\\Windows\\System32\\Windows.StateRepositoryPS.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffc1beb0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:24,713",
        "eid": 2211,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,713",
        "eid": 2212,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32\\(Default)",
          "content": "{00000320-0000-0000-C000-000000000046}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,713",
        "eid": 2213,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{6cb10ed7-4bca-5561-b2e1-40e1197c1b0c}\\ProxyStubClsid32\\(Default)",
          "content": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,713",
        "eid": 2214,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivationType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,713",
        "eid": 2215,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\Server",
          "content": "StateRepository"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,713",
        "eid": 2216,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\DllPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,713",
        "eid": 2217,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\Threading",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,713",
        "eid": 2218,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,713",
        "eid": 2219,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,713",
        "eid": 2220,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,713",
        "eid": 2221,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,713",
        "eid": 2222,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,713",
        "eid": 2223,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,713",
        "eid": 2224,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.Package\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-05-28 21:44:24,713",
        "eid": 2225,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{0450ce77-af0d-40ac-93fd-1e5d48c89419}\\ProxyStubClsid32\\(Default)",
          "content": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:25,338",
        "eid": 2226,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:25,338",
        "eid": 2227,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:25,822",
        "eid": 2228,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:25,822",
        "eid": 2229,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:26,150",
        "eid": 2230,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-05-28 21:44:26,150",
        "eid": 2231,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      }
    ],
    "encryptedbuffers": [],
    "network_map": {
      "endpoint_map": {},
      "http_host_map": {},
      "dns_intents": {},
      "http_requests": [],
      "winhttp_sessions": [],
      "com_activations": []
    }
  },
  "debug": {
    "log": "2026-05-28 20:40:10,002 [root] INFO: Date set to: 20260528T17:41:32, timeout set to: 600\n2026-05-28 17:41:32,006 [root] DEBUG: Starting analyzer from: C:\\q61py415\n2026-05-28 17:41:32,006 [root] DEBUG: Storing results at: C:\\BzuLYXQUrs\n2026-05-28 17:41:32,015 [root] DEBUG: Pipe server name: \\\\.\\PIPE\\IkRdYsEaKU\n2026-05-28 17:41:32,016 [root] DEBUG: Python path: C:\\Users\\admin\\AppData\\Local\\Python\\pythoncore-3.14-64\n2026-05-28 17:41:32,016 [root] INFO: analysis running as an admin\n2026-05-28 17:41:32,016 [root] INFO: analysis package specified: \"edge\"\n2026-05-28 17:41:32,016 [root] DEBUG: importing analysis package module: \"modules.packages.edge\"...\n2026-05-28 17:41:32,021 [root] DEBUG: imported analysis package \"edge\"\n2026-05-28 17:41:32,023 [root] DEBUG: initializing analysis package \"edge\"...\n2026-05-28 17:41:32,023 [root] DEBUG: New location of moved file: https://sugarcraft(dot)net/\n2026-05-28 17:41:32,023 [root] INFO: Analyzer: Package modules.packages.edge does not specify a dll option\n2026-05-28 17:41:32,024 [root] INFO: Analyzer: Package modules.packages.edge does not specify a dll_64 option\n2026-05-28 17:41:32,024 [root] INFO: Analyzer: Package modules.packages.edge does not specify a loader option\n2026-05-28 17:41:32,024 [root] INFO: Analyzer: Package modules.packages.edge does not specify a loader_64 option\n2026-05-28 17:41:32,076 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.browser\"\n2026-05-28 17:41:32,079 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.digisig\"\n2026-05-28 17:41:32,090 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.disguise\"\n2026-05-28 17:41:32,096 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.human\"\n2026-05-28 17:41:32,100 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops'\n2026-05-28 17:41:32,100 [lib.api.screenshot] ERROR: No module named 'PIL'\n2026-05-28 17:41:32,100 [root] DEBUG: Imported auxiliary module 
\"modules.auxiliary.screenshots\"\n2026-05-28 17:41:32,102 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.tlsdump\"\n2026-05-28 17:41:32,102 [root] DEBUG: Initialized auxiliary module \"Browser\"\n2026-05-28 17:41:32,102 [root] DEBUG: attempting to configure 'Browser' from data\n2026-05-28 17:41:32,103 [root] DEBUG: module Browser does not support data configuration, ignoring\n2026-05-28 17:41:32,103 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.browser\"...\n2026-05-28 17:41:32,103 [root] DEBUG: Started auxiliary module modules.auxiliary.browser\n2026-05-28 17:41:32,103 [root] DEBUG: Initialized auxiliary module \"DigiSig\"\n2026-05-28 17:41:32,103 [root] DEBUG: attempting to configure 'DigiSig' from data\n2026-05-28 17:41:32,104 [root] DEBUG: module DigiSig does not support data configuration, ignoring\n2026-05-28 17:41:32,104 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.digisig\"...\n2026-05-28 17:41:32,104 [modules.auxiliary.digisig] DEBUG: Skipping authenticode validation, analysis is not a file\n2026-05-28 17:41:32,104 [root] DEBUG: Started auxiliary module modules.auxiliary.digisig\n2026-05-28 17:41:32,104 [root] DEBUG: Initialized auxiliary module \"Disguise\"\n2026-05-28 17:41:32,105 [root] DEBUG: attempting to configure 'Disguise' from data\n2026-05-28 17:41:32,105 [root] DEBUG: module Disguise does not support data configuration, ignoring\n2026-05-28 17:41:32,105 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.disguise\"...\n2026-05-28 17:41:32,107 [modules.auxiliary.disguise] INFO: Launched background process notepad.exe hidden (PID: 2672)\n2026-05-28 17:41:32,110 [modules.auxiliary.disguise] INFO: Disguising GUID to 6575d657-0ae1-4491-884c-aa1cccdd08f8\n2026-05-28 17:41:32,110 [root] DEBUG: Started auxiliary module modules.auxiliary.disguise\n2026-05-28 17:41:32,110 [root] DEBUG: Initialized auxiliary module \"Human\"\n2026-05-28 17:41:32,111 [root] DEBUG: attempting to 
configure 'Human' from data\n2026-05-28 17:41:32,111 [root] DEBUG: module Human does not support data configuration, ignoring\n2026-05-28 17:41:32,111 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.human\"...\n2026-05-28 17:41:32,113 [root] DEBUG: Started auxiliary module modules.auxiliary.human\n2026-05-28 17:41:32,113 [root] DEBUG: Initialized auxiliary module \"Screenshots\"\n2026-05-28 17:41:32,113 [root] DEBUG: attempting to configure 'Screenshots' from data\n2026-05-28 17:41:32,114 [root] DEBUG: module Screenshots does not support data configuration, ignoring\n2026-05-28 17:41:32,114 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.screenshots\"...\n2026-05-28 17:41:32,118 [modules.auxiliary.screenshots] WARNING: Python Image Library is not installed, screenshots are disabled\n2026-05-28 17:41:32,119 [root] DEBUG: Started auxiliary module modules.auxiliary.screenshots\n2026-05-28 17:41:32,119 [root] DEBUG: Initialized auxiliary module \"TLSDumpMasterSecrets\"\n2026-05-28 17:41:32,120 [root] DEBUG: attempting to configure 'TLSDumpMasterSecrets' from data\n2026-05-28 17:41:32,120 [root] DEBUG: module TLSDumpMasterSecrets does not support data configuration, ignoring\n2026-05-28 17:41:32,120 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.tlsdump\"...\n2026-05-28 17:41:32,122 [modules.auxiliary.tlsdump] WARNING: Unable to find lsass.exe process\n2026-05-28 17:41:32,123 [root] DEBUG: Started auxiliary module modules.auxiliary.tlsdump\n2026-05-28 17:41:32,124 [root] INFO: Interactive mode enabled - injecting into explorer shell\n2026-05-28 17:41:32,184 [lib.api.process] INFO: Monitor config for process 4248: C:\\q61py415\\dll\\4248.ini\n2026-05-28 17:41:32,185 [lib.api.process] INFO: Option 'interactive' with value '1' sent to monitor\n2026-05-28 17:41:32,188 [lib.api.process] INFO: 64-bit DLL to inject is C:\\q61py415\\dll\\wXsOlW.dll, loader C:\\q61py415\\bin\\OCVwDwZX.exe\n2026-05-28 17:41:32,233 [root] 
DEBUG: Loader: Injecting process 4248 with C:\\q61py415\\dll\\wXsOlW.dll.\n2026-05-28 17:41:32,404 [root] DEBUG: 4248: Python path set to 'C:\\Users\\admin\\AppData\\Local\\Python\\pythoncore-3.14-64'.\n2026-05-28 17:41:32,405 [root] DEBUG: 4248: Disabling sleep skipping.\n2026-05-28 17:41:32,405 [root] DEBUG: 4248: Interactive desktop enabled.\n2026-05-28 17:41:32,406 [root] DEBUG: 4248: Dropped file limit defaulting to 100.\n2026-05-28 17:41:32,406 [root] DEBUG: 4248: Interactive desktop - injecting Explorer Shell\n2026-05-28 17:41:32,414 [root] DEBUG: 4248: YaraInit: Compiled 44 rule files\n2026-05-28 17:41:32,416 [root] DEBUG: 4248: YaraInit: Compiled rules saved to file C:\\q61py415\\data\\yara\\capemon.yac\n2026-05-28 17:41:32,438 [root] DEBUG: 4248: RtlInsertInvertedFunctionTable 0x00007FFC2D10090E, LdrpInvertedFunctionTableSRWLock 0x00007FFC2D25D4F0\n2026-05-28 17:41:32,439 [root] DEBUG: 4248: YaraScan: Scanning 0x00007FF651080000, size 0x545316\n2026-05-28 17:41:32,496 [root] DEBUG: 4248: Monitor initialised: 64-bit capemon loaded in process 4248 at 0x00007FFC14380000, thread 964, image base 0x00007FF651080000, stack from 0x0000000002AC1000-0x0000000002AD0000\n2026-05-28 17:41:32,497 [root] DEBUG: 4248: Commandline: C:\\Windows\\Explorer.EXE\n2026-05-28 17:41:32,509 [root] DEBUG: 4248: Hooked 69 out of 69 functions\n2026-05-28 17:41:32,540 [root] DEBUG: 4248: Syscall hook installed, syscall logging level 1\n2026-05-28 17:41:32,546 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.\n2026-05-28 17:41:32,546 [root] DEBUG: Successfully injected DLL C:\\q61py415\\dll\\wXsOlW.dll.\n2026-05-28 17:41:32,548 [lib.api.process] INFO: Injected into 64-bit <Process 4248 explorer.exe>\n2026-05-28 17:41:36,492 [root] DEBUG: 4248: caller_dispatch: Added region at 0x00007FF651080000 to tracked regions list (ntdll::NtDuplicateObject returns to 0x00007FF65125D17E, thread 4908).\n2026-05-28 17:41:36,493 [root] DEBUG: 4248: 
YaraScan: Scanning 0x00007FF651080000, size 0x545316\n2026-05-28 17:41:36,528 [root] DEBUG: 4248: ProcessImageBase: Main module image at 0x00007FF651080000 unmodified (entropy change 0.000000e+00)\n2026-05-28 17:41:39,791 [root] INFO: Restarting WMI Service\n2026-05-28 17:41:40,842 [root] DEBUG: 4248: CreateProcessHandler: Injection info set for new process 2072: C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe, ImageBase: 0x00007FF78CD00000\n2026-05-28 17:41:40,844 [root] INFO: Announced 64-bit process name: chrome.exe pid: 2072\n2026-05-28 17:41:40,845 [lib.api.process] INFO: Monitor config for process 2072: C:\\q61py415\\dll\\2072.ini\n2026-05-28 17:41:40,846 [lib.api.process] INFO: Option 'interactive' with value '1' sent to monitor\n2026-05-28 17:41:40,847 [lib.api.process] INFO: 64-bit DLL to inject is C:\\q61py415\\dll\\wXsOlW.dll, loader C:\\q61py415\\bin\\OCVwDwZX.exe\n2026-05-28 17:41:40,851 [root] DEBUG: Loader: Injecting process 2072 (thread 1884) with C:\\q61py415\\dll\\wXsOlW.dll.\n2026-05-28 17:41:40,852 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-05-28 17:41:40,852 [root] DEBUG: Successfully injected DLL C:\\q61py415\\dll\\wXsOlW.dll.\n2026-05-28 17:41:40,853 [lib.api.process] INFO: Injected into 64-bit <Process 2072 chrome.exe>\n2026-05-28 17:41:40,854 [root] INFO: Announced 64-bit process name: chrome.exe pid: 2072\n2026-05-28 17:41:40,854 [lib.api.process] INFO: Monitor config for process 2072: C:\\q61py415\\dll\\2072.ini\n2026-05-28 17:41:40,855 [lib.api.process] INFO: Option 'interactive' with value '1' sent to monitor\n2026-05-28 17:41:40,855 [lib.api.process] INFO: 64-bit DLL to inject is C:\\q61py415\\dll\\wXsOlW.dll, loader C:\\q61py415\\bin\\OCVwDwZX.exe\n2026-05-28 17:41:40,859 [root] DEBUG: Loader: Injecting process 2072 (thread 1884) with C:\\q61py415\\dll\\wXsOlW.dll.\n2026-05-28 17:41:40,859 [root] DEBUG: InjectDllViaIAT: This image has already been patched.\n2026-05-28 17:41:40,860 [root] DEBUG: 
Successfully injected DLL C:\\q61py415\\dll\\wXsOlW.dll.\n2026-05-28 17:41:40,861 [lib.api.process] INFO: Injected into 64-bit <Process 2072 chrome.exe>\n2026-05-28 17:41:40,950 [root] DEBUG: 2072: Python path set to 'C:\\Users\\admin\\AppData\\Local\\Python\\pythoncore-3.14-64'.\n2026-05-28 17:41:40,951 [root] DEBUG: 2072: Interactive desktop enabled.\n2026-05-28 17:41:40,952 [root] DEBUG: 2072: Dropped file limit defaulting to 100.\n2026-05-28 17:41:40,956 [root] DEBUG: 2072: Chrome-specific hook-set enabled.\n2026-05-28 17:41:40,958 [root] DEBUG: 2072: Disabling sleep skipping.\n2026-05-28 17:41:40,960 [root] DEBUG: 2072: YaraInit: Compiled rules loaded from existing file C:\\q61py415\\data\\yara\\capemon.yac\n2026-05-28 17:41:40,972 [root] DEBUG: 2072: RtlInsertInvertedFunctionTable 0x00007FFC2D10090E, LdrpInvertedFunctionTableSRWLock 0x00007FFC2D25D4F0\n2026-05-28 17:41:40,973 [root] DEBUG: 2072: Monitor initialised: 64-bit capemon loaded in process 2072 at 0x00007FFC14380000, thread 1884, image base 0x00007FF78CD00000, stack from 0x00000036489F4000-0x0000003648A00000\n2026-05-28 17:41:40,973 [root] DEBUG: 2072: Commandline: \"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\"\n2026-05-28 17:41:40,980 [root] DEBUG: 2072: Hooked 2 out of 2 functions\n2026-05-28 17:41:41,008 [root] DEBUG: 2072: Syscall hook installed, syscall logging level 1\n2026-05-28 17:41:41,012 [root] DEBUG: 2072: RestoreHeaders: Restored original import table.\n2026-05-28 17:41:41,013 [root] INFO: Loaded monitor into process with pid 2072\n2026-05-28 17:41:41,014 [root] DEBUG: 2072: DLL loaded at 0x00007FFC2B0C0000: C:\\Windows\\System32\\bcryptprimitives (0x82000 bytes).\n2026-05-28 17:41:41,032 [root] DEBUG: 2072: InstrumentationCallback: Added region at 0x00007FFC136D0014 (base 0x00007FFC13420000) to tracked regions list (thread 1884).\n2026-05-28 17:41:41,034 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program 
Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,035 [root] DEBUG: 2072: DLL loaded at 0x00007FFC298F0000: C:\\Windows\\system32\\ntmarta (0x33000 bytes).\n2026-05-28 17:41:41,039 [root] DEBUG: 2072: caller_dispatch: Added region at 0x00007FF78CD00000 to tracked regions list (kernel32::CreateProcessInternalW returns to 0x00007FF78CD372AF, thread 1884).\n2026-05-28 17:41:41,042 [root] DEBUG: 2072: ProcessImageBase: Main module image at 0x00007FF78CD00000 unmodified (entropy change 0.000000e+00)\n2026-05-28 17:41:41,046 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270666e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,047 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,051 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270666e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,051 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,052 [root] DEBUG: 2072: DLL loaded at 0x00007FFC2A140000: C:\\Windows\\SYSTEM32\\Wldp (0x2d000 bytes).\n2026-05-28 17:41:41,055 [root] DEBUG: 2072: DLL loaded at 0x00007FFC288B0000: C:\\Windows\\SYSTEM32\\windows.storage (0x79b000 bytes).\n2026-05-28 17:41:41,061 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270666e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,061 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, 
skipping\n2026-05-28 17:41:41,062 [root] DEBUG: 2072: CreateProcessHandler: Injection info set for new process 1264: C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe, ImageBase: 0x00007FF78CD00000\n2026-05-28 17:41:41,063 [root] DEBUG: 2072: ProcessMessage: Skipping monitoring process 1264\n2026-05-28 17:41:41,067 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270666e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,068 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,070 [root] DEBUG: 2072: ProcessMessage: Skipping monitoring process 1264\n2026-05-28 17:41:41,123 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270914e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,124 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,228 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270914e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,229 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,235 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270914e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,235 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,240 
[root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270913e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,242 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,247 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270914e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,247 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,248 [root] DEBUG: 2072: DLL loaded at 0x00007FFC15250000: C:\\Windows\\SYSTEM32\\WINMM (0x27000 bytes).\n2026-05-28 17:41:41,249 [root] DEBUG: 2072: DLL loaded at 0x00007FFC1E180000: C:\\Windows\\SYSTEM32\\DWrite (0x27f000 bytes).\n2026-05-28 17:41:41,249 [root] DEBUG: 2072: DLL loaded at 0x00007FFC2A4F0000: C:\\Windows\\SYSTEM32\\DPAPI (0xa000 bytes).\n2026-05-28 17:41:41,250 [root] DEBUG: 2072: DLL loaded at 0x00007FFBD4D10000: C:\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome (0x10fdc000 bytes).\n2026-05-28 17:41:41,258 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270913e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,259 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,263 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270913e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,263 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as 
\\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,264 [root] DEBUG: 2072: DLL loaded at 0x00007FFC17FD0000: C:\\Windows\\SYSTEM32\\KBDUS (0x9000 bytes).\n2026-05-28 17:41:41,268 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270914e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,269 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,274 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270914e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,275 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,275 [root] DEBUG: 2072: DLL loaded at 0x00007FFC28160000: C:\\Windows\\system32\\uxtheme (0x9e000 bytes).\n2026-05-28 17:41:41,281 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270913e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,282 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,283 [root] DEBUG: 2072: DLL loaded at 0x00007FFC2A6C0000: C:\\Windows\\SYSTEM32\\USERENV (0x2e000 bytes).\n2026-05-28 17:41:41,286 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270914e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,288 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program 
Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,289 [root] DEBUG: 2072: DLL loaded at 0x00007FFC29060000: C:\\Windows\\SYSTEM32\\gpapi (0x23000 bytes).\n2026-05-28 17:41:41,293 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270914e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,293 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,294 [root] DEBUG: 2072: DLL loaded at 0x00007FFC29930000: C:\\Windows\\SYSTEM32\\wkscli (0x19000 bytes).\n2026-05-28 17:41:41,298 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270914e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,298 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,299 [root] DEBUG: 2072: DLL loaded at 0x00007FFC29CA0000: C:\\Windows\\SYSTEM32\\netutils (0xc000 bytes).\n2026-05-28 17:41:41,310 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270913e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,311 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,314 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270913e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,315 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program 
Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,315 [root] DEBUG: 2072: DLL loaded at 0x00007FFC17770000: C:\\Windows\\system32\\netapi32 (0x19000 bytes).\n2026-05-28 17:41:41,320 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270914e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,320 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,326 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270914e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,326 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,330 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270890e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,331 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,333 [root] DEBUG: 2072: DLL loaded at 0x00007FFC29860000: C:\\Windows\\SYSTEM32\\msvcp110_win (0x8a000 bytes).\n2026-05-28 17:41:41,334 [root] DEBUG: 2072: DLL loaded at 0x00007FFC2A090000: C:\\Windows\\SYSTEM32\\cryptsp (0x18000 bytes).\n2026-05-28 17:41:41,336 [root] DEBUG: 2072: DLL loaded at 0x00007FFC27830000: C:\\Windows\\SYSTEM32\\DSREG (0x141000 bytes).\n2026-05-28 17:41:41,341 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270891e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,341 [root] DEBUG: 2072: 
ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,342 [root] DEBUG: 2072: DLL loaded at 0x00007FFC2A700000: C:\\Windows\\SYSTEM32\\profapi (0x25000 bytes).\n2026-05-28 17:41:41,361 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270891e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,364 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,370 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270891e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,371 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,375 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270891e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,375 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,380 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270891e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,380 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,386 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 
0x00007FFC13420000: 6.270890e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,386 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,387 [root] DEBUG: 2072: DLL loaded at 0x00007FFC2B280000: C:\\Windows\\System32\\MSCTF (0x114000 bytes).\n2026-05-28 17:41:41,392 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270892e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,392 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270892e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,393 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,396 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,397 [root] DEBUG: 2072: DLL loaded at 0x00007FFC2A630000: C:\\Windows\\SYSTEM32\\powrprof (0x4b000 bytes).\n2026-05-28 17:41:41,398 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270892e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,399 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,402 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270892e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,403 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as 
\\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,403 [root] DEBUG: 2072: DLL loaded at 0x00007FFC2A560000: C:\\Windows\\SYSTEM32\\UMPDC (0x12000 bytes).\n2026-05-28 17:41:41,407 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270890e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,408 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,409 [root] DEBUG: 2072: DLL loaded at 0x00007FFC286B0000: C:\\Windows\\SYSTEM32\\kernel.appcore (0x12000 bytes).\n2026-05-28 17:41:41,415 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270891e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,415 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,419 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270891e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,419 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,423 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270891e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,424 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,429 [root] 
DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270891e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,430 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,435 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270891e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,435 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,436 [root] DEBUG: 2072: DLL loaded at 0x00007FFC171F0000: C:\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.3636_none_60b6a03d71f818d5\\COMCTL32 (0x29a000 bytes).\n2026-05-28 17:41:41,440 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270893e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,440 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,446 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270893e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,446 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,451 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270893e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,451 [root] DEBUG: 2072: ProcessTrackedRegion: Region 
at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,452 [root] DEBUG: 2072: DLL loaded at 0x00007FFC29B90000: C:\\Windows\\SYSTEM32\\IPHLPAPI (0x3b000 bytes).\n2026-05-28 17:41:41,452 [root] DEBUG: 2072: DLL loaded at 0x00007FFC26180000: C:\\Windows\\system32\\NLAapi (0x1d000 bytes).\n2026-05-28 17:41:41,457 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270893e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,458 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,461 [root] DEBUG: 2072: DLL loaded at 0x00007FFC2C7B0000: C:\\Windows\\System32\\NSI (0x8000 bytes).\n2026-05-28 17:41:41,465 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270893e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,466 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,466 [root] DEBUG: 2072: DLL loaded at 0x00007FFC232D0000: C:\\Windows\\SYSTEM32\\dhcpcsvc6 (0x17000 bytes).\n2026-05-28 17:41:41,470 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270892e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,471 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,471 [root] DEBUG: 2072: DLL loaded at 0x00007FFC232B0000: C:\\Windows\\SYSTEM32\\dhcpcsvc (0x1d000 bytes).\n2026-05-28 
17:41:41,476 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270897e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,477 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,477 [root] DEBUG: 2072: DLL loaded at 0x00007FFC29BD0000: C:\\Windows\\SYSTEM32\\DNSAPI (0xca000 bytes).\n2026-05-28 17:41:41,482 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270898e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,483 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,488 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270898e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,489 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,493 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270898e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,494 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,499 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270898e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,500 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program 
Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,503 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270898e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,504 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,504 [root] DEBUG: 2072: DLL loaded at 0x00007FFC2C9C0000: C:\\Windows\\System32\\clbcatq (0xa9000 bytes).\n2026-05-28 17:41:41,510 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270897e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,511 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,515 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270897e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,516 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,521 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270897e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,523 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,527 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270897e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,528 [root] DEBUG: 
2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,532 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270895e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,532 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,536 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270895e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,536 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,538 [root] DEBUG: 2072: DLL loaded at 0x00007FFC27DC0000: C:\\Windows\\System32\\CoreMessaging (0xf2000 bytes).\n2026-05-28 17:41:41,539 [root] DEBUG: 2072: DLL loaded at 0x00007FFC26FE0000: C:\\Windows\\SYSTEM32\\wintypes (0x155000 bytes).\n2026-05-28 17:41:41,539 [root] DEBUG: 2072: DLL loaded at 0x00007FFC27980000: C:\\Windows\\System32\\CoreUIComponents (0x35b000 bytes).\n2026-05-28 17:41:41,540 [root] DEBUG: 2072: DLL loaded at 0x00007FFC1FA90000: C:\\Windows\\SYSTEM32\\textinputframework (0xf9000 bytes).\n2026-05-28 17:41:41,546 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270895e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,547 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,547 [root] DEBUG: 2072: DLL loaded at 0x00007FFC25980000: 
C:\\Windows\\System32\\twinapi.appcore (0x203000 bytes).\n2026-05-28 17:41:41,552 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270895e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,555 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,556 [root] DEBUG: 2072: DLL loaded at 0x00007FFC17530000: C:\\Windows\\system32\\twinapi (0xa9000 bytes).\n2026-05-28 17:41:41,561 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270896e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,561 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,567 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270894e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,568 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,573 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270894e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,573 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,577 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270894e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,578 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 
0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,583 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270894e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,584 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,591 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270894e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,591 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,595 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270895e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,595 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,599 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270909e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,600 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,604 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270907e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,605 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as 
\\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,606 [root] DEBUG: 2072: DLL loaded at 0x00007FFC25B90000: C:\\Windows\\System32\\WindowManagementAPI (0xa1000 bytes).\n2026-05-28 17:41:41,606 [root] DEBUG: 2072: DLL loaded at 0x00007FFC27140000: C:\\Windows\\System32\\PROPSYS (0xf6000 bytes).\n2026-05-28 17:41:41,607 [root] DEBUG: 2072: DLL loaded at 0x00007FFC1F650000: C:\\Windows\\System32\\InputHost (0x152000 bytes).\n2026-05-28 17:41:41,607 [root] DEBUG: 2072: DLL loaded at 0x00007FFC1FB90000: C:\\Windows\\System32\\Windows.UI (0x141000 bytes).\n2026-05-28 17:41:41,614 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270909e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,615 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270909e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,615 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,617 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,622 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270909e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,623 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,623 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270909e+00 (from 
6.270496e+00)\n2026-05-28 17:41:41,624 [root] DEBUG: 2072: DLL loaded at 0x00007FFC29860000: C:\\Windows\\SYSTEM32\\msvcp110_win (0x8a000 bytes).\n2026-05-28 17:41:41,624 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,625 [root] DEBUG: 2072: DLL loaded at 0x00007FFC20270000: C:\\Windows\\SYSTEM32\\MDMRegistration (0x68000 bytes).\n2026-05-28 17:41:41,629 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270909e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,630 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,630 [root] DEBUG: 2072: DLL loaded at 0x00007FFC27460000: C:\\Windows\\SYSTEM32\\WTSAPI32 (0x14000 bytes).\n2026-05-28 17:41:41,635 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270907e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,635 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,636 [root] DEBUG: 2072: DLL loaded at 0x00007FFC2A500000: C:\\Windows\\SYSTEM32\\WINSTA (0x5b000 bytes).\n2026-05-28 17:41:41,642 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270910e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,642 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,660 [root] DEBUG: 2072: 
ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270910e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,660 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,661 [root] DEBUG: 2072: DLL loaded at 0x00007FFC257D0000: C:\\Windows\\SYSTEM32\\ColorAdapterClient (0x11000 bytes).\n2026-05-28 17:41:41,662 [root] DEBUG: 2072: DLL loaded at 0x00007FFC257F0000: C:\\Windows\\SYSTEM32\\mscms (0xae000 bytes).\n2026-05-28 17:41:41,671 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270909e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,672 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270911e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,673 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270910e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,676 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,677 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,681 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270911e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,681 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,682 [root] DEBUG: 2072: 
ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270911e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,682 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,686 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,687 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270911e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,689 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270911e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,689 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,690 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,690 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270911e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,691 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,692 [root] DEBUG: 2072: DLL loaded at 0x00007FFC2ACD0000: C:\\Windows\\System32\\cfgmgr32 (0x4e000 bytes).\n2026-05-28 17:41:41,693 [root] DEBUG: 2072: DLL loaded at 0x00007FFC2A490000: 
C:\\Windows\\System32\\DEVOBJ (0x33000 bytes).\n2026-05-28 17:41:41,695 [root] DEBUG: 2072: DLL loaded at 0x00007FFC23860000: C:\\Windows\\System32\\MMDevApi (0x85000 bytes).\n2026-05-28 17:41:41,696 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270909e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,701 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270922e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,702 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,702 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,708 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270922e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,711 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,712 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,712 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,725 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,726 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 
0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,730 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,731 [root] DEBUG: 2072: CreateProcessHandler: Injection info set for new process 4360: C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe, ImageBase: 0x00007FF78CD00000\n2026-05-28 17:41:41,732 [root] DEBUG: 2072: CreateProcessHandler: Injection info set for new process 3136: C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe, ImageBase: 0x00007FF78CD00000\n2026-05-28 17:41:41,733 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,733 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,734 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,735 [root] DEBUG: 2072: ProcessMessage: Skipping monitoring process 4360\n2026-05-28 17:41:41,744 [root] DEBUG: 2072: ProcessMessage: Skipping monitoring process 3136\n2026-05-28 17:41:41,744 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,744 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,749 [root] DEBUG: 2072: ProcessTrackedRegion: Updated 
entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,749 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270923e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,750 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270923e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,750 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,751 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,751 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,752 [root] DEBUG: 2072: ProcessMessage: Skipping monitoring process 4360\n2026-05-28 17:41:41,758 [root] DEBUG: 2072: ProcessMessage: Skipping monitoring process 3136\n2026-05-28 17:41:41,759 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270922e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,760 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270922e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,761 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,764 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program 
Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,778 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,779 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,787 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,794 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,799 [root] DEBUG: 2072: DLL loaded at 0x00007FFC2A090000: C:\\Windows\\SYSTEM32\\CRYPTSP (0x18000 bytes).\n2026-05-28 17:41:41,813 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,814 [root] DEBUG: 2072: DLL loaded at 0x00007FFC2A1B0000: C:\\Windows\\SYSTEM32\\ncrypt (0x27000 bytes).\n2026-05-28 17:41:41,819 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,821 [root] DEBUG: 2072: DLL loaded at 0x00007FFC2B260000: C:\\Windows\\System32\\imagehlp (0x1d000 bytes).\n2026-05-28 17:41:41,825 [root] DEBUG: 2072: DLL loaded at 0x00007FFC236C0000: C:\\Windows\\SYSTEM32\\tbs (0x1b000 bytes).\n2026-05-28 17:41:41,829 [root] DEBUG: 2072: DLL loaded at 0x00007FFC1AF70000: C:\\Windows\\SYSTEM32\\DMCmnUtils (0x7c000 bytes).\n2026-05-28 17:41:41,842 [root] DEBUG: 2072: DLL loaded at 0x00007FFC20230000: 
C:\\Windows\\SYSTEM32\\omadmapi (0x3a000 bytes).\n2026-05-28 17:41:41,844 [root] DEBUG: package modules.packages.edge does not support configure, ignoring\n2026-05-28 17:41:41,845 [root] WARNING: configuration error for package modules.packages.edge: error importing data.packages.edge: No module named 'data.packages'\n2026-05-28 17:41:41,847 [lib.core.compound] INFO: C:\\Users\\admin\\AppData\\Local\\Temp already exists, skipping creation\n2026-05-28 17:41:41,852 [lib.api.process] INFO: Successfully executed process from path \"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" with arguments \"\"https://sugarcraft(dot)net/\"\" with pid 2208\n2026-05-28 17:41:41,853 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,853 [lib.api.process] INFO: Monitor config for process 2208: C:\\q61py415\\dll\\2208.ini\n2026-05-28 17:41:41,854 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,855 [lib.api.process] INFO: Option 'interactive' with value '1' sent to monitor\n2026-05-28 17:41:41,856 [root] DEBUG: 2072: DLL loaded at 0x00007FFC2A170000: C:\\Windows\\SYSTEM32\\NTASN1 (0x3b000 bytes).\n2026-05-28 17:41:41,857 [lib.api.process] INFO: 64-bit DLL to inject is C:\\q61py415\\dll\\wXsOlW.dll, loader C:\\q61py415\\bin\\OCVwDwZX.exe\n2026-05-28 17:41:41,866 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270922e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,869 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,871 [root] DEBUG: Loader: Injecting process 
2208 (thread 5180) with C:\\q61py415\\dll\\wXsOlW.dll.\n2026-05-28 17:41:41,872 [root] DEBUG: 2072: DLL loaded at 0x00007FFC1E400000: C:\\Windows\\System32\\Windows.UI.Immersive (0x139000 bytes).\n2026-05-28 17:41:41,886 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,887 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,888 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,888 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-05-28 17:41:41,892 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,899 [root] DEBUG: Successfully injected DLL C:\\q61py415\\dll\\wXsOlW.dll.\n2026-05-28 17:41:41,900 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,901 [root] DEBUG: 2072: DLL loaded at 0x00007FFC2A580000: C:\\Windows\\SYSTEM32\\sxs (0xa2000 bytes).\n2026-05-28 17:41:41,902 [lib.api.process] INFO: Injected into 64-bit <Process 2208 msedge.exe>\n2026-05-28 17:41:41,906 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,914 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270925e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,915 [root] DEBUG: 2072: ProcessTrackedRegion: 
Updated entropy for tracked region at 0x00007FFC13420000: 6.270925e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,915 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270925e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,915 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,916 [root] DEBUG: 2072: CreateProcessHandler: Injection info set for new process 5756: C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe, ImageBase: 0x00007FF78CD00000\n2026-05-28 17:41:41,934 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270925e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,935 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,940 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,955 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270925e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,955 [root] DEBUG: 2072: ProcessMessage: Skipping monitoring process 5756\n2026-05-28 17:41:41,964 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,965 [root] DEBUG: 2072: DLL loaded at 0x00007FFC22A50000: C:\\Windows\\SYSTEM32\\WINHTTP (0x10a000 bytes).\n2026-05-28 17:41:41,972 [root] DEBUG: 2072: ProcessTrackedRegion: 
Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,978 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,979 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,979 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,980 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,981 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,989 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,995 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)\n2026-05-28 17:41:41,996 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:41,997 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,000 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 
17:41:42,001 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,006 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,007 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,009 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,020 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,024 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,026 [root] DEBUG: 2072: ProcessMessage: Skipping monitoring process 5756\n2026-05-28 17:41:42,032 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,033 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,034 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,040 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as 
\\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,048 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,049 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,058 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,059 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,060 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,063 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,065 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,065 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,066 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,073 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 
6.270924e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,074 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,075 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,093 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,095 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,100 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,101 [root] DEBUG: 2072: DLL loaded at 0x00007FFC284D0000: C:\\Windows\\System32\\RMCLIENT (0x2a000 bytes).\n2026-05-28 17:41:42,102 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,103 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,105 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,106 [root] DEBUG: 2072: DLL loaded at 0x00007FFC26310000: C:\\Windows\\System32\\XmlLite (0x36000 bytes).\n2026-05-28 17:41:42,107 [root] DEBUG: 2072: 
ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,107 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,109 [root] DEBUG: 2072: DLL loaded at 0x00007FFC16860000: C:\\Windows\\System32\\wpnapps (0x15b000 bytes).\n2026-05-28 17:41:42,112 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,115 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,117 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,118 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,119 [root] DEBUG: 2072: DLL loaded at 0x00007FFC25960000: C:\\Windows\\SYSTEM32\\usermgrcli (0x16000 bytes).\n2026-05-28 17:41:42,124 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270923e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,124 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270923e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,125 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is 
in known range, skipping\n2026-05-28 17:41:42,125 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,126 [root] DEBUG: 2072: DLL loaded at 0x00007FFC0C8D0000: C:\\Windows\\System32\\CryptoWinRT (0x61000 bytes).\n2026-05-28 17:41:42,129 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270951e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,130 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,135 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270951e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,135 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270951e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,135 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,136 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,140 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270951e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,140 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270951e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,140 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as 
\\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,141 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,142 [root] DEBUG: 2072: DLL loaded at 0x00007FFC2A1B0000: C:\\Windows\\System32\\ncrypt (0x27000 bytes).\n2026-05-28 17:41:42,142 [root] DEBUG: 2072: DLL loaded at 0x00007FFC23C70000: C:\\Windows\\System32\\cryptngc (0x77000 bytes).\n2026-05-28 17:41:42,149 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270951e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,149 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270951e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,149 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,150 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,151 [root] DEBUG: 2072: DLL loaded at 0x00007FFC2A170000: C:\\Windows\\System32\\NTASN1 (0x3b000 bytes).\n2026-05-28 17:41:42,154 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270951e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,154 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,155 [root] DEBUG: 2072: ProcessTrackedRegion: 
Updated entropy for tracked region at 0x00007FFC13420000: 6.270951e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,156 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,157 [root] DEBUG: 2072: DLL loaded at 0x00007FFC0C8A0000: C:\\Windows\\system32\\ngcksp (0x27000 bytes).\n2026-05-28 17:41:42,161 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270950e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,162 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,164 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270952e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,165 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,165 [root] DEBUG: 2072: DLL loaded at 0x00007FFC0D0A0000: C:\\Windows\\System32\\CapabilityAccessManagerClient (0x3f000 bytes).\n2026-05-28 17:41:42,171 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270952e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,171 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,177 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270952e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,182 [root] DEBUG: 2072: 
ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,188 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270951e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,188 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,194 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270952e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,195 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,196 [root] DEBUG: 2072: DLL loaded at 0x00007FFC29090000: C:\\Windows\\system32\\dxgi (0xf3000 bytes).\n2026-05-28 17:41:42,197 [root] DEBUG: 2072: DLL loaded at 0x00007FFC26D70000: C:\\Windows\\system32\\d3d11 (0x263000 bytes).\n2026-05-28 17:41:42,198 [root] DEBUG: 2072: DLL loaded at 0x00007FFC27240000: C:\\Windows\\system32\\dcomp (0x1e3000 bytes).\n2026-05-28 17:41:42,198 [root] DEBUG: 2072: DLL loaded at 0x00007FFC14FC0000: C:\\Windows\\system32\\dataexchange (0x3e000 bytes).\n2026-05-28 17:41:42,203 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270952e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,203 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270952e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,204 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program 
Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,204 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,206 [root] DEBUG: 2072: DLL loaded at 0x00007FFC24D40000: C:\\Windows\\System32\\OneCoreUAPCommonProxyStub (0x7d0000 bytes).\n2026-05-28 17:41:42,216 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,217 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270954e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,218 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,219 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,220 [root] DEBUG: 2072: DLL loaded at 0x00007FFC293F0000: C:\\Windows\\System32\\FirewallAPI (0x96000 bytes).\n2026-05-28 17:41:42,223 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270954e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,228 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270954e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,230 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,234 [root] DEBUG: 2072: 
ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,235 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270954e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,236 [root] DEBUG: 2072: DLL loaded at 0x00007FFC293B0000: C:\\Windows\\System32\\fwbase (0x36000 bytes).\n2026-05-28 17:41:42,248 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,257 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270952e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,259 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270952e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,260 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270952e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,260 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,261 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,264 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,266 [root] DEBUG: 2072: DLL loaded at 0x00007FFC23800000: 
C:\\Windows\\System32\\usermgrproxy (0x54000 bytes).\n2026-05-28 17:41:42,269 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,272 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,274 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,276 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,277 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,278 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,279 [root] DEBUG: 2072: DLL loaded at 0x00007FFC06820000: C:\\Windows\\System32\\Windows.Media (0x726000 bytes).\n2026-05-28 17:41:42,282 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,284 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270952e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,284 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,285 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 
0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,285 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270952e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,288 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,290 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270952e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,292 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,293 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270952e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,295 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,300 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270952e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,301 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270952e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,301 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270952e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,303 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program 
Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,305 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,307 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,309 [root] DEBUG: 2072: CreateProcessHandler: Injection info set for new process 4648: C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe, ImageBase: 0x00007FF78CD00000\n2026-05-28 17:41:42,310 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,311 [root] DEBUG: 2072: DLL loaded at 0x00007FFC1BE00000: C:\\Windows\\SYSTEM32\\LINKINFO (0xd000 bytes).\n2026-05-28 17:41:42,315 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,316 [root] DEBUG: 2072: ProcessMessage: Skipping monitoring process 4648\n2026-05-28 17:41:42,319 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,320 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,321 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,322 [root] DEBUG: 2072: CreateProcessHandler: Injection info set for new process 5668: C:\\Program 
Files\\Google\\Chrome\\Application\\chrome.exe, ImageBase: 0x00007FF78CD00000\n2026-05-28 17:41:42,322 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,323 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,327 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,328 [root] DEBUG: 2072: ProcessMessage: Skipping monitoring process 5668\n2026-05-28 17:41:42,328 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,329 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,331 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,332 [root] DEBUG: 2072: DLL loaded at 0x00007FFC283C0000: C:\\Windows\\SYSTEM32\\dwmapi (0x2f000 bytes).\n2026-05-28 17:41:42,333 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,337 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,340 [root] DEBUG: 2072: 
ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,341 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,341 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,341 [root] DEBUG: 2072: ProcessMessage: Skipping monitoring process 4648\n2026-05-28 17:41:42,342 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,342 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,343 [root] DEBUG: 2072: DLL loaded at 0x00007FFC15030000: C:\\Windows\\SYSTEM32\\OLEACC (0x66000 bytes).\n2026-05-28 17:41:42,347 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,347 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,348 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270954e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,348 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,351 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 
0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,353 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,355 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270954e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,356 [root] DEBUG: 2072: ProcessMessage: Skipping monitoring process 5668\n2026-05-28 17:41:42,356 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270954e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,357 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,357 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270954e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,363 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,369 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,370 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270954e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,370 [root] DEBUG: 2072: DLL loaded at 0x00007FFC1D050000: C:\\Windows\\system32\\directmanipulation (0x9d000 bytes).\n2026-05-28 17:41:42,371 [root] 
DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270954e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,379 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,384 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,385 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,390 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,410 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,463 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,465 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,465 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,465 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,466 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 
(from 6.270496e+00)\n2026-05-28 17:41:42,467 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,467 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,470 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,472 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,479 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,480 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,485 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,485 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,486 [root] DEBUG: 2072: DLL loaded at 0x00007FFC14D70000: C:\\Windows\\system32\\explorerframe (0x244000 bytes).\n2026-05-28 17:41:42,491 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270954e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,492 [root] 
DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,493 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,497 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,497 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,498 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,499 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,501 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,502 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,539 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,550 [root] DEBUG: 2072: CreateProcessHandler: Injection info set for new process 8428: C:\\Program 
Files\\Google\\Chrome\\Application\\chrome.exe, ImageBase: 0x00007FF78CD00000\n2026-05-28 17:41:42,551 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,552 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,555 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,555 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,556 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,556 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,557 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,557 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,558 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,573 [root] DEBUG: 2072: ProcessMessage: Skipping monitoring process 8428\n2026-05-28 17:41:42,578 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,579 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 
0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,605 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,622 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,623 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,624 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,625 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,627 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,628 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,629 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,629 [root] DEBUG: 2072: DLL loaded at 0x00007FFC22E90000: C:\\Windows\\system32\\wlanapi (0x74000 bytes).\n2026-05-28 17:41:42,635 [root] DEBUG: 2072: 
ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,636 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,637 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,640 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,641 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,641 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,642 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,642 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,642 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,643 [root] DEBUG: 2072: ProcessMessage: Skipping monitoring process 8428\n2026-05-28 17:41:42,643 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,647 [root] DEBUG: 2072: 
ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,650 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,651 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,659 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,660 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,662 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,663 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,665 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,666 [root] DEBUG: 2072: DLL loaded at 0x00007FFC2A2D0000: C:\\Windows\\SYSTEM32\\MSASN1 (0x12000 bytes).\n2026-05-28 17:41:42,672 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,673 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as 
\\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,674 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,682 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,683 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,689 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,694 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,697 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,698 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,698 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,699 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,700 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as 
\\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,704 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,705 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,706 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,706 [root] DEBUG: 2072: DLL loaded at 0x00007FFC2A090000: C:\\Windows\\SYSTEM32\\CRYPTSP (0x18000 bytes).\n2026-05-28 17:41:42,713 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,714 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,716 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,723 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,724 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,724 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program 
Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,727 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,729 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,729 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,730 [root] DEBUG: 2072: DLL loaded at 0x00007FFC297D0000: C:\\Windows\\system32\\rsaenh (0x34000 bytes).\n2026-05-28 17:41:42,734 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,735 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,736 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,746 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,747 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,748 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program 
Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,757 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,759 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,762 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,763 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,763 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,764 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,767 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,769 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,770 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,770 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program 
Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,776 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,781 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,785 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,786 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,788 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,813 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,813 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,814 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,816 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,818 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for 
tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,819 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,820 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,821 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,826 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,826 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,826 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,827 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,831 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,832 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,832 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 
0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,833 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,836 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,837 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,838 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,838 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,842 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,843 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,843 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,844 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,848 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 
6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,849 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,850 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,850 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,852 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,853 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,855 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,855 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,859 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,860 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,865 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 
6.270496e+00)\n2026-05-28 17:41:42,866 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,870 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,871 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,875 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,876 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,881 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,881 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,885 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,886 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,890 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 
17:41:42,890 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,896 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,897 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,901 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,901 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,906 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,906 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,912 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,913 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,917 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,919 [root] DEBUG: 
2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,923 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,924 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,928 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,928 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,933 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,933 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,937 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,938 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,943 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,943 [root] DEBUG: 2072: ProcessTrackedRegion: 
Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,947 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,948 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,953 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,954 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,972 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,973 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,974 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,974 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,975 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,976 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program 
Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,978 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,979 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,980 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,981 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,981 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,986 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,987 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,988 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:42,988 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,989 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 
0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:42,999 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,000 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,000 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,000 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,004 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,006 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,008 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,008 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,012 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,013 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as 
\\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,017 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,017 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,022 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,022 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,028 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,028 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,029 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,032 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,036 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,036 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as 
\\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,044 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,046 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,046 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,053 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,058 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,059 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,063 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,064 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,069 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,070 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as 
\\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,078 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,079 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,087 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,088 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,093 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,093 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,098 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,106 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,115 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,120 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as 
\\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,133 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,136 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,137 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,138 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,143 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,146 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,148 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,156 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,159 [root] DEBUG: 2072: CreateProcessHandler: Injection info set for new process 9436: C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe, ImageBase: 0x00007FF78CD00000\n2026-05-28 17:41:43,160 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked 
region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,161 [root] DEBUG: 2072: ProcessMessage: Skipping monitoring process 9436\n2026-05-28 17:41:43,166 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,169 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,170 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,171 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,173 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,174 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,175 [root] DEBUG: 2072: ProcessMessage: Skipping monitoring process 9436\n2026-05-28 17:41:43,176 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,188 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,189 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 
17:41:43,189 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,190 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,190 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,196 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,196 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,197 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,204 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,205 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,206 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,210 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program 
Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,215 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,215 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,216 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,220 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,221 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,221 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,226 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,227 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,231 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,232 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program 
Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,232 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,233 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,238 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,239 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,242 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,243 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,247 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,247 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,251 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,252 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program 
Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,256 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,256 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,261 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,261 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,266 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,267 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,268 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,268 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,295 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,297 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program 
Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,301 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,302 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,306 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,307 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,314 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,315 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,328 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,328 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,333 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,333 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program 
Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,352 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,353 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,361 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,361 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,362 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,362 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,367 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,368 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,368 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,369 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program 
Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,374 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,375 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,385 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,385 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,389 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,390 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,396 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,396 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,417 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,418 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program 
Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,424 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,424 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,441 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,442 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,447 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,448 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,487 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,488 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,496 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,497 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program 
Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,502 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,503 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,524 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,525 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,530 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,531 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,536 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,536 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,549 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,550 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 
17:41:43,550 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,551 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,556 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,556 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,563 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,564 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,570 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,571 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,573 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,573 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program 
Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,580 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,581 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,587 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,589 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,593 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,594 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,598 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,598 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,758 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,759 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program 
Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,912 [lib.api.process] INFO: Successfully resumed process with pid 2208\n2026-05-28 17:41:43,928 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:43,929 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:43,950 [root] DEBUG: 2208: Python path set to 'C:\\Users\\admin\\AppData\\Local\\Python\\pythoncore-3.14-64'.\n2026-05-28 17:41:43,951 [root] DEBUG: 2208: Interactive desktop enabled.\n2026-05-28 17:41:43,951 [root] DEBUG: 2208: Dropped file limit defaulting to 100.\n2026-05-28 17:41:43,959 [root] DEBUG: 2208: Edge-specific hook-set enabled.\n2026-05-28 17:41:43,961 [root] DEBUG: 2208: Disabling sleep skipping.\n2026-05-28 17:41:43,962 [root] DEBUG: 2208: YaraInit: Compiled rules loaded from existing file C:\\q61py415\\data\\yara\\capemon.yac\n2026-05-28 17:41:43,973 [root] DEBUG: 2208: RtlInsertInvertedFunctionTable 0x00007FFC2D10090E, LdrpInvertedFunctionTableSRWLock 0x00007FFC2D25D4F0\n2026-05-28 17:41:43,974 [root] DEBUG: 2208: Monitor initialised: 64-bit capemon loaded in process 2208 at 0x00007FFC14380000, thread 5180, image base 0x00007FF7B5F00000, stack from 0x000000A0977F4000-0x000000A097800000\n2026-05-28 17:41:43,974 [root] DEBUG: 2208: Commandline: \"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" \"https://sugarcraft(dot)net/\"\n2026-05-28 17:41:43,982 [root] DEBUG: 2208: Hooked 2 out of 2 functions\n2026-05-28 17:41:44,018 [root] DEBUG: 2208: Syscall hook installed, syscall logging level 1\n2026-05-28 17:41:44,022 [root] DEBUG: 2208: RestoreHeaders: Restored original import table.\n2026-05-28 17:41:44,023 [root] INFO: Loaded monitor into 
process with pid 2208\n2026-05-28 17:41:44,023 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2B0C0000: C:\\Windows\\System32\\bcryptprimitives (0x82000 bytes).\n2026-05-28 17:41:44,025 [root] DEBUG: 2208: DLL loaded at 0x00007FFC19C80000: C:\\Windows\\SYSTEM32\\version (0xa000 bytes).\n2026-05-28 17:41:44,026 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2B150000: C:\\Windows\\System32\\shcore (0xad000 bytes).\n2026-05-28 17:41:44,027 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2A140000: C:\\Windows\\SYSTEM32\\Wldp (0x2d000 bytes).\n2026-05-28 17:41:44,027 [root] DEBUG: 2208: DLL loaded at 0x00007FFC288B0000: C:\\Windows\\SYSTEM32\\windows.storage (0x79b000 bytes).\n2026-05-28 17:41:44,028 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2B150000: C:\\Windows\\System32\\SHCORE (0xad000 bytes).\n2026-05-28 17:41:44,029 [root] DEBUG: 2208: DLL loaded at 0x00007FFC298F0000: C:\\Windows\\SYSTEM32\\ntmarta (0x33000 bytes).\n2026-05-28 17:41:44,072 [root] DEBUG: 2208: DLL loaded at 0x00007FFC15250000: C:\\Windows\\SYSTEM32\\WINMM (0x27000 bytes).\n2026-05-28 17:41:44,073 [root] DEBUG: 2208: DLL loaded at 0x00007FFBBE9A0000: C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\msedge (0x136be000 bytes).\n2026-05-28 17:41:44,075 [root] DEBUG: 2208: DLL loaded at 0x00007FFC17FD0000: C:\\Windows\\SYSTEM32\\KBDUS (0x9000 bytes).\n2026-05-28 17:41:44,077 [root] DEBUG: 2208: DLL loaded at 0x00007FFC28160000: C:\\Windows\\system32\\uxtheme (0x9e000 bytes).\n2026-05-28 17:41:44,080 [root] DEBUG: 2208: DLL loaded at 0x00007FFC286B0000: C:\\Windows\\SYSTEM32\\kernel.appcore (0x12000 bytes).\n2026-05-28 17:41:44,081 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2C9C0000: C:\\Windows\\System32\\clbcatq (0xa9000 bytes).\n2026-05-28 17:41:44,081 [root] DEBUG: 2208: DLL loaded at 0x00007FFC20250000: C:\\Windows\\System32\\Windows.System.Profile.PlatformDiagnosticsAndUsageDataSettings (0x16000 bytes).\n2026-05-28 17:41:44,083 [root] DEBUG: 2208: DLL loaded at 0x00007FFC29860000: 
C:\\Windows\\SYSTEM32\\msvcp110_win (0x8a000 bytes).\n2026-05-28 17:41:44,083 [root] DEBUG: 2208: CreateProcessHandler: Injection info set for new process 10176: C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe, ImageBase: 0x00007FF7B5F00000\n2026-05-28 17:41:44,084 [root] DEBUG: 2208: DLL loaded at 0x00007FFC23B90000: C:\\Windows\\SYSTEM32\\policymanager (0xa1000 bytes).\n2026-05-28 17:41:44,085 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 10176\n2026-05-28 17:41:44,086 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 10176\n2026-05-28 17:41:44,088 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2A6C0000: C:\\Windows\\SYSTEM32\\USERENV (0x2e000 bytes).\n2026-05-28 17:41:44,089 [root] DEBUG: 2208: DLL loaded at 0x00007FFC29060000: C:\\Windows\\SYSTEM32\\gpapi (0x23000 bytes).\n2026-05-28 17:41:44,089 [root] DEBUG: 2208: DLL loaded at 0x00007FFC29930000: C:\\Windows\\SYSTEM32\\wkscli (0x19000 bytes).\n2026-05-28 17:41:44,090 [root] DEBUG: 2208: DLL loaded at 0x00007FFC29CA0000: C:\\Windows\\SYSTEM32\\netutils (0xc000 bytes).\n2026-05-28 17:41:44,091 [root] DEBUG: 2208: DLL loaded at 0x00007FFC29860000: C:\\Windows\\SYSTEM32\\msvcp110_win (0x8a000 bytes).\n2026-05-28 17:41:44,092 [root] DEBUG: 2208: DLL loaded at 0x00007FFC17910000: C:\\Windows\\SYSTEM32\\MDMRegistration (0x68000 bytes).\n2026-05-28 17:41:44,093 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2A630000: C:\\Windows\\SYSTEM32\\powrprof (0x4b000 bytes).\n2026-05-28 17:41:44,094 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2A090000: C:\\Windows\\SYSTEM32\\CRYPTSP (0x18000 bytes).\n2026-05-28 17:41:44,095 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2A1B0000: C:\\Windows\\SYSTEM32\\ncrypt (0x27000 bytes).\n2026-05-28 17:41:44,095 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2B260000: C:\\Windows\\System32\\imagehlp (0x1d000 bytes).\n2026-05-28 17:41:44,096 [root] DEBUG: 2208: DLL loaded at 0x00007FFC236C0000: C:\\Windows\\SYSTEM32\\tbs (0x1b000 bytes).\n2026-05-28 
17:41:44,096 [root] DEBUG: 2208: DLL loaded at 0x00007FFC1AF70000: C:\\Windows\\SYSTEM32\\DMCmnUtils (0x7c000 bytes).\n2026-05-28 17:41:44,097 [root] DEBUG: 2208: DLL loaded at 0x00007FFC15500000: C:\\Windows\\SYSTEM32\\omadmapi (0x3a000 bytes).\n2026-05-28 17:41:44,098 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2A560000: C:\\Windows\\SYSTEM32\\UMPDC (0x12000 bytes).\n2026-05-28 17:41:44,099 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2A170000: C:\\Windows\\SYSTEM32\\NTASN1 (0x3b000 bytes).\n2026-05-28 17:41:44,100 [root] DEBUG: 2208: DLL loaded at 0x00007FFC17770000: C:\\Windows\\SYSTEM32\\netapi32 (0x19000 bytes).\n2026-05-28 17:41:44,101 [root] DEBUG: 2208: DLL loaded at 0x00007FFC29860000: C:\\Windows\\SYSTEM32\\msvcp110_win (0x8a000 bytes).\n2026-05-28 17:41:44,102 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2A090000: C:\\Windows\\SYSTEM32\\cryptsp (0x18000 bytes).\n2026-05-28 17:41:44,103 [root] DEBUG: 2208: DLL loaded at 0x00007FFC27830000: C:\\Windows\\SYSTEM32\\DSREG (0x141000 bytes).\n2026-05-28 17:41:44,104 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2A700000: C:\\Windows\\SYSTEM32\\profapi (0x25000 bytes).\n2026-05-28 17:41:44,111 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2B280000: C:\\Windows\\System32\\MSCTF (0x114000 bytes).\n2026-05-28 17:41:44,112 [root] DEBUG: 2208: DLL loaded at 0x00007FFC20230000: C:\\Windows\\System32\\AssignedAccessRuntime (0x14000 bytes).\n2026-05-28 17:41:44,112 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2A630000: C:\\Windows\\SYSTEM32\\powrprof (0x4b000 bytes).\n2026-05-28 17:41:44,113 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2A560000: C:\\Windows\\SYSTEM32\\UMPDC (0x12000 bytes).\n2026-05-28 17:41:44,116 [root] DEBUG: 2208: DLL loaded at 0x00007FFC21B30000: C:\\Windows\\System32\\SystemSettings.DataModel (0x74000 bytes).\n2026-05-28 17:41:44,118 [root] DEBUG: 2208: DLL loaded at 0x00007FFC1E180000: C:\\Windows\\SYSTEM32\\DWrite (0x27f000 bytes).\n2026-05-28 17:41:44,120 [root] DEBUG: 2208: DLL loaded at 
0x00007FFC171F0000: C:\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.3636_none_60b6a03d71f818d5\\COMCTL32 (0x29a000 bytes).\n2026-05-28 17:41:44,122 [root] DEBUG: 2208: DLL loaded at 0x00007FFC24D40000: C:\\Windows\\System32\\OneCoreUAPCommonProxyStub (0x7d0000 bytes).\n2026-05-28 17:41:44,122 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2A4F0000: C:\\Windows\\SYSTEM32\\DPAPI (0xa000 bytes).\n2026-05-28 17:41:44,124 [root] DEBUG: 2208: DLL loaded at 0x00007FFC29B90000: C:\\Windows\\SYSTEM32\\IPHLPAPI (0x3b000 bytes).\n2026-05-28 17:41:44,124 [root] DEBUG: 2208: DLL loaded at 0x00007FFC26180000: C:\\Windows\\system32\\NLAapi (0x1d000 bytes).\n2026-05-28 17:41:44,126 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2C7B0000: C:\\Windows\\System32\\NSI (0x8000 bytes).\n2026-05-28 17:41:44,127 [root] DEBUG: 2208: DLL loaded at 0x00007FFC232D0000: C:\\Windows\\SYSTEM32\\dhcpcsvc6 (0x17000 bytes).\n2026-05-28 17:41:44,127 [root] DEBUG: 2208: DLL loaded at 0x00007FFC216E0000: C:\\Windows\\System32\\StructuredQuery (0xa6000 bytes).\n2026-05-28 17:41:44,128 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2ACD0000: C:\\Windows\\System32\\CFGMGR32 (0x4e000 bytes).\n2026-05-28 17:41:44,129 [root] DEBUG: 2208: DLL loaded at 0x00007FFC232B0000: C:\\Windows\\SYSTEM32\\dhcpcsvc (0x1d000 bytes).\n2026-05-28 17:41:44,130 [root] DEBUG: 2208: DLL loaded at 0x00007FFC27140000: C:\\Windows\\SYSTEM32\\PROPSYS (0xf6000 bytes).\n2026-05-28 17:41:44,132 [root] DEBUG: 2208: DLL loaded at 0x00007FFC29BD0000: C:\\Windows\\SYSTEM32\\DNSAPI (0xca000 bytes).\n2026-05-28 17:41:44,134 [root] DEBUG: 2208: DLL loaded at 0x00007FFC1BEB0000: C:\\Windows\\System32\\Windows.StateRepositoryPS (0x146000 bytes).\n2026-05-28 17:41:44,136 [root] DEBUG: 2208: DLL loaded at 0x00007FFC27DC0000: C:\\Windows\\System32\\CoreMessaging (0xf2000 bytes).\n2026-05-28 17:41:44,137 [root] DEBUG: 2208: DLL loaded at 0x00007FFC26FE0000: C:\\Windows\\SYSTEM32\\wintypes (0x155000 
bytes).\n2026-05-28 17:41:44,137 [root] DEBUG: 2208: DLL loaded at 0x00007FFC27980000: C:\\Windows\\System32\\CoreUIComponents (0x35b000 bytes).\n2026-05-28 17:41:44,138 [root] DEBUG: 2208: DLL loaded at 0x00007FFC1FA90000: C:\\Windows\\SYSTEM32\\textinputframework (0xf9000 bytes).\n2026-05-28 17:41:44,140 [root] DEBUG: 2208: DLL loaded at 0x00007FFC1BCF0000: C:\\Windows\\system32\\Windows.Storage.Search (0xc6000 bytes).\n2026-05-28 17:41:44,141 [root] DEBUG: 2208: DLL loaded at 0x00007FFC25980000: C:\\Windows\\System32\\twinapi.appcore (0x203000 bytes).\n2026-05-28 17:41:44,143 [root] DEBUG: 2208: DLL loaded at 0x00007FFC17530000: C:\\Windows\\system32\\twinapi (0xa9000 bytes).\n2026-05-28 17:41:44,144 [root] DEBUG: 2208: DLL loaded at 0x00007FFC1AD10000: C:\\Windows\\system32\\mssprxy (0x28000 bytes).\n2026-05-28 17:41:44,148 [root] DEBUG: 2208: DLL loaded at 0x00007FFC25B90000: C:\\Windows\\System32\\WindowManagementAPI (0xa1000 bytes).\n2026-05-28 17:41:44,148 [root] DEBUG: 2208: DLL loaded at 0x00007FFC1F650000: C:\\Windows\\System32\\InputHost (0x152000 bytes).\n2026-05-28 17:41:44,149 [root] DEBUG: 2208: DLL loaded at 0x00007FFC1FB90000: C:\\Windows\\System32\\Windows.UI (0x141000 bytes).\n2026-05-28 17:41:44,150 [root] DEBUG: 2208: DLL loaded at 0x00007FFC1ACE0000: C:\\Windows\\SYSTEM32\\edputil (0x24000 bytes).\n2026-05-28 17:41:44,158 [root] DEBUG: 2208: DLL loaded at 0x00007FFC27460000: C:\\Windows\\SYSTEM32\\WTSAPI32 (0x14000 bytes).\n2026-05-28 17:41:44,163 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2A500000: C:\\Windows\\SYSTEM32\\WINSTA (0x5b000 bytes).\n2026-05-28 17:41:44,166 [root] DEBUG: 2208: DLL loaded at 0x00007FFC20C50000: C:\\Windows\\System32\\iertutil (0x2bc000 bytes).\n2026-05-28 17:41:44,167 [root] DEBUG: 2208: DLL loaded at 0x00007FFC1AC10000: C:\\Windows\\System32\\Windows.Web (0xc3000 bytes).\n2026-05-28 17:41:44,169 [root] DEBUG: 2208: DLL loaded at 0x00007FFBBE3D0000: C:\\Program Files 
(x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\oneauth (0x5c4000 bytes).\n2026-05-28 17:41:44,171 [root] DEBUG: 2208: DLL loaded at 0x00007FFC1CBA0000: C:\\Windows\\SYSTEM32\\Secur32 (0xc000 bytes).\n2026-05-28 17:41:44,173 [root] DEBUG: 2208: DLL loaded at 0x00007FFC22A50000: C:\\Windows\\SYSTEM32\\WINHTTP (0x10a000 bytes).\n2026-05-28 17:41:44,174 [root] DEBUG: 2208: DLL loaded at 0x00007FFC1E400000: C:\\Windows\\System32\\Windows.UI.Immersive (0x139000 bytes).\n2026-05-28 17:41:44,175 [root] DEBUG: 2208: DLL loaded at 0x00007FFC257D0000: C:\\Windows\\SYSTEM32\\ColorAdapterClient (0x11000 bytes).\n2026-05-28 17:41:44,176 [root] DEBUG: 2208: DLL loaded at 0x00007FFC257F0000: C:\\Windows\\SYSTEM32\\mscms (0xae000 bytes).\n2026-05-28 17:41:44,202 [root] DEBUG: 2208: DLL loaded at 0x00007FFC1BE00000: C:\\Windows\\SYSTEM32\\LINKINFO (0xd000 bytes).\n2026-05-28 17:41:44,229 [root] DEBUG: 2208: CreateProcessHandler: Injection info set for new process 10688: C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe, ImageBase: 0x00007FF7B5F00000\n2026-05-28 17:41:44,230 [root] DEBUG: 2208: DLL loaded at 0x00007FFC29090000: C:\\Windows\\system32\\dxgi (0xf3000 bytes).\n2026-05-28 17:41:44,231 [root] DEBUG: 2208: caller_dispatch: Added region at 0x00007FF7B5F00000 to tracked regions list (kernel32::CreateProcessInternalW returns to 0x00007FF7B5FF7D66, thread 10372).\n2026-05-28 17:41:44,231 [root] DEBUG: 2208: DLL loaded at 0x00007FFC26D70000: C:\\Windows\\system32\\d3d11 (0x263000 bytes).\n2026-05-28 17:41:44,232 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 10688\n2026-05-28 17:41:44,233 [root] DEBUG: 2208: DLL loaded at 0x00007FFC27240000: C:\\Windows\\system32\\dcomp (0x1e3000 bytes).\n2026-05-28 17:41:44,233 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 10688\n2026-05-28 17:41:44,235 [root] DEBUG: 2208: DLL loaded at 0x00007FFC14FC0000: C:\\Windows\\system32\\dataexchange (0x3e000 bytes).\n2026-05-28 17:41:44,236 [root] 
DEBUG: 2208: ProcessImageBase: Main module image at 0x00007FF7B5F00000 unmodified (entropy change 0.000000e+00)\n2026-05-28 17:41:44,258 [root] DEBUG: 2208: CreateProcessHandler: Injection info set for new process 10748: C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe, ImageBase: 0x00007FF7B5F00000\n2026-05-28 17:41:44,275 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2A580000: C:\\Windows\\SYSTEM32\\sxs (0xa2000 bytes).\n2026-05-28 17:41:44,281 [root] DEBUG: 2208: CreateProcessHandler: Injection info set for new process 10760: C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe, ImageBase: 0x00007FF7B5F00000\n2026-05-28 17:41:44,282 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 10748\n2026-05-28 17:41:44,285 [root] DEBUG: 2208: CreateProcessHandler: Injection info set for new process 10828: C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe, ImageBase: 0x00007FF7B5F00000\n2026-05-28 17:41:44,286 [root] DEBUG: 2208: CreateProcessHandler: Injection info set for new process 10836: C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe, ImageBase: 0x00007FF7B5F00000\n2026-05-28 17:41:44,291 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 10760\n2026-05-28 17:41:44,292 [root] DEBUG: 2208: DLL loaded at 0x00007FFC17950000: C:\\Windows\\System32\\Windows.System.Profile.RetailInfo (0x28000 bytes).\n2026-05-28 17:41:44,293 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 10828\n2026-05-28 17:41:44,294 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 10836\n2026-05-28 17:41:44,295 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 10748\n2026-05-28 17:41:44,296 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 10828\n2026-05-28 17:41:44,297 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 10760\n2026-05-28 17:41:44,297 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 10836\n2026-05-28 17:41:44,308 
[root] DEBUG: 2208: DLL loaded at 0x00007FFC15030000: C:\\Windows\\SYSTEM32\\OLEACC (0x66000 bytes).\n2026-05-28 17:41:44,342 [root] DEBUG: 2208: DLL loaded at 0x00007FFC1D050000: C:\\Windows\\system32\\directmanipulation (0x9d000 bytes).\n2026-05-28 17:41:44,374 [root] DEBUG: 2208: DLL loaded at 0x00007FFC25960000: C:\\Windows\\SYSTEM32\\usermgrcli (0x16000 bytes).\n2026-05-28 17:41:44,382 [root] DEBUG: 2208: DLL loaded at 0x00007FFC12AB0000: C:\\Windows\\System32\\Windows.Internal.UI.Shell.WindowTabManager (0x6d000 bytes).\n2026-05-28 17:41:44,383 [root] DEBUG: 2208: DLL loaded at 0x00007FFC283C0000: C:\\Windows\\SYSTEM32\\dwmapi (0x2f000 bytes).\n2026-05-28 17:41:44,513 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:44,548 [root] DEBUG: 2208: DLL loaded at 0x00007FFC198A0000: C:\\Windows\\System32\\Windows.Security.Authentication.Web.Core (0x11d000 bytes).\n2026-05-28 17:41:44,591 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:44,597 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:44,603 [root] DEBUG: 2208: CreateProcessHandler: Injection info set for new process 11252: C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe, ImageBase: 0x00007FF7B5F00000\n2026-05-28 17:41:44,605 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2A2D0000: C:\\Windows\\SYSTEM32\\MSASN1 (0x12000 bytes).\n2026-05-28 17:41:44,606 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:44,621 [root] DEBUG: 2072: 
ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:44,623 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 11252\n2026-05-28 17:41:44,624 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:44,624 [root] DEBUG: 2208: DLL loaded at 0x00007FFC1C0A0000: C:\\Windows\\System32\\OneCoreCommonProxyStub (0x7f000 bytes).\n2026-05-28 17:41:44,625 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:44,626 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 11252\n2026-05-28 17:41:44,628 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:44,633 [root] DEBUG: 2208: DLL loaded at 0x00007FFBED5F0000: C:\\Users\\admin\\AppData\\Local\\Microsoft\\Edge\\User Data\\Well Known Domains\\1.2.0.0\\well_known_domains (0x9e000 bytes).\n2026-05-28 17:41:44,636 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:44,636 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:44,638 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:44,639 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program 
Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:44,644 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2A090000: C:\\Windows\\SYSTEM32\\CRYPTSP (0x18000 bytes).\n2026-05-28 17:41:44,646 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:44,647 [root] DEBUG: 2208: DLL loaded at 0x00007FFC1CFE0000: C:\\Windows\\System32\\vaultcli (0x51000 bytes).\n2026-05-28 17:41:44,650 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:44,653 [root] DEBUG: 2208: DLL loaded at 0x00007FFC297D0000: C:\\Windows\\system32\\rsaenh (0x34000 bytes).\n2026-05-28 17:41:44,665 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:44,666 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:44,667 [root] DEBUG: 2208: DLL loaded at 0x00007FFC17910000: C:\\Windows\\System32\\aadWamExtension (0x36000 bytes).\n2026-05-28 17:41:44,668 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:44,672 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:44,681 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:44,683 [root] DEBUG: 2072: 
ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:44,684 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:44,684 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:44,686 [root] DEBUG: 2208: DLL loaded at 0x00007FFBED560000: C:\\Windows\\System32\\MicrosoftAccountWAMExtension (0x8c000 bytes).\n2026-05-28 17:41:44,688 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:44,689 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:44,694 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:44,695 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:44,700 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:44,702 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:44,706 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy 
for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:44,709 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,079 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,080 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,364 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,365 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,369 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,370 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,374 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,375 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,379 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 
0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,380 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,381 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,381 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,385 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,385 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,399 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,400 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,400 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,400 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,404 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 
6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,404 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,405 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,405 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,411 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,411 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,418 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,418 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,425 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,426 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,430 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 
6.270496e+00)\n2026-05-28 17:41:45,430 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,444 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,444 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,449 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,449 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,461 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,461 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,467 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,467 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,486 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 
17:41:45,486 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,491 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,491 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,498 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,499 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,504 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,504 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,519 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,520 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,524 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,524 [root] DEBUG: 
2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,534 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,535 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,539 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,539 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,550 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,551 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,555 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,555 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,580 [root] DEBUG: 2208: CreateProcessHandler: Injection info set for new process 11928: C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe, ImageBase: 0x00007FF7B5F00000\n2026-05-28 
17:41:45,581 [root] DEBUG: 2208: CreateProcessHandler: Injection info set for new process 11940: C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe, ImageBase: 0x00007FF7B5F00000\n2026-05-28 17:41:45,582 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 11928\n2026-05-28 17:41:45,582 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 11940\n2026-05-28 17:41:45,583 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 11928\n2026-05-28 17:41:45,583 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 11940\n2026-05-28 17:41:45,593 [root] DEBUG: 2208: DLL loaded at 0x00007FFC24C20000: C:\\Windows\\System32\\netprofm (0x3f000 bytes).\n2026-05-28 17:41:45,620 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,621 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,626 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,626 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,637 [root] DEBUG: 2208: DLL loaded at 0x00007FFBB9DC0000: C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\telclient (0x3ed000 bytes).\n2026-05-28 17:41:45,657 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2C0D0000: C:\\Windows\\System32\\SETUPAPI (0x46e000 bytes).\n2026-05-28 17:41:45,658 [root] DEBUG: 2208: DLL loaded at 0x00007FFC225B0000: C:\\Windows\\System32\\npmproxy (0x10000 bytes).\n2026-05-28 17:41:45,660 [root] DEBUG: 2208: DLL loaded at 
0x00007FFBB9A80000: C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\oneds (0x33f000 bytes).\n2026-05-28 17:41:45,664 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2A490000: C:\\Windows\\SYSTEM32\\DEVOBJ (0x33000 bytes).\n2026-05-28 17:41:45,665 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2B050000: C:\\Windows\\System32\\WINTRUST (0x67000 bytes).\n2026-05-28 17:41:45,679 [root] DEBUG: 2208: DLL loaded at 0x00007FFC293F0000: C:\\Windows\\System32\\FirewallAPI (0x96000 bytes).\n2026-05-28 17:41:45,680 [root] DEBUG: 2208: DLL loaded at 0x00007FFC293B0000: C:\\Windows\\System32\\fwbase (0x36000 bytes).\n2026-05-28 17:41:45,689 [root] DEBUG: 2208: DLL loaded at 0x00007FFC11D50000: C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\microsoft_shell_integration (0x78000 bytes).\n2026-05-28 17:41:45,699 [root] DEBUG: 2208: DLL loaded at 0x00007FFBBCBD0000: C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\ffmpeg (0x467000 bytes).\n2026-05-28 17:41:45,701 [root] DEBUG: 2208: DLL loaded at 0x00007FFC284D0000: C:\\Windows\\System32\\RMCLIENT (0x2a000 bytes).\n2026-05-28 17:41:45,702 [root] DEBUG: 2208: DLL loaded at 0x00007FFC26310000: C:\\Windows\\System32\\XmlLite (0x36000 bytes).\n2026-05-28 17:41:45,702 [root] DEBUG: 2208: DLL loaded at 0x00007FFC16860000: C:\\Windows\\System32\\wpnapps (0x15b000 bytes).\n2026-05-28 17:41:45,722 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,723 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,727 [root] DEBUG: 2208: DLL loaded at 0x00007FFC11B00000: C:\\Windows\\System32\\ShellCommonCommonProxyStub (0xe4000 bytes).\n2026-05-28 17:41:45,727 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy 
for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,728 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,752 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,753 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,759 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,759 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,775 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,776 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,780 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,780 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,787 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 
0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,788 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,792 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,792 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,796 [root] DEBUG: 2208: DLL loaded at 0x00007FFC20180000: C:\\Windows\\system32\\TenantRestrictionsPlugin (0x1b000 bytes).\n2026-05-28 17:41:45,801 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,803 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,806 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,807 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,816 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,817 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, 
skipping\n2026-05-28 17:41:45,821 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,821 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,830 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,831 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,835 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,835 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,847 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,847 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,851 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,852 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 
17:41:45,863 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,864 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,869 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,869 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,886 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,887 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,890 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,891 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,898 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,899 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,903 [root] DEBUG: 
2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,903 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,917 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,917 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,921 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,922 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,929 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,929 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,933 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,934 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:45,960 [root] DEBUG: 2208: CreateProcessHandler: 
Injection info set for new process 10964: C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\identity_helper.exe, ImageBase: 0x00007FF7809A0000\n2026-05-28 17:41:45,961 [root] INFO: Announced 64-bit process name: identity_helper.exe pid: 10964\n2026-05-28 17:41:45,961 [lib.api.process] INFO: Monitor config for process 10964: C:\\q61py415\\dll\\10964.ini\n2026-05-28 17:41:45,962 [lib.api.process] INFO: Option 'interactive' with value '1' sent to monitor\n2026-05-28 17:41:45,997 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:45,998 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:46,003 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:46,004 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:46,059 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:46,060 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:46,064 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:46,065 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program 
Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:46,079 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:46,079 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:46,084 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:46,085 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:46,091 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:46,092 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:46,096 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:46,097 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:46,100 [root] DEBUG: 2208: DLL loaded at 0x00007FFC29860000: C:\\Windows\\SYSTEM32\\msvcp110_win (0x8a000 bytes).\n2026-05-28 17:41:46,101 [root] DEBUG: 2208: DLL loaded at 0x00007FFC23B90000: C:\\Windows\\SYSTEM32\\policymanager (0xa1000 bytes).\n2026-05-28 17:41:46,108 [root] DEBUG: 2072: 
ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:46,108 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:46,113 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:46,114 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:46,122 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:46,123 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:46,128 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:46,128 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:46,135 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:46,136 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:46,140 [root] DEBUG: 2072: ProcessTrackedRegion: Updated 
entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:46,141 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:46,147 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:46,148 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:46,151 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:46,152 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:46,161 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:46,162 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:46,166 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:46,167 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:46,468 [lib.api.process] INFO: Potential dll side-loading detected in local directory: 
d3dcompiler_47.dll\n2026-05-28 17:41:46,468 [lib.api.process] INFO: Potential dll side-loading detected in local directory: onnxruntime.dll\n2026-05-28 17:41:46,471 [lib.api.process] INFO: 64-bit DLL to inject is C:\\q61py415\\dll\\wXsOlW.dll, loader C:\\q61py415\\bin\\OCVwDwZX.exe\n2026-05-28 17:41:46,475 [root] DEBUG: Loader: Injecting process 10964 (thread 10984) with C:\\q61py415\\dll\\wXsOlW.dll.\n2026-05-28 17:41:46,476 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-05-28 17:41:46,476 [root] DEBUG: Successfully injected DLL C:\\q61py415\\dll\\wXsOlW.dll.\n2026-05-28 17:41:46,478 [lib.api.process] INFO: Injected into 64-bit <Process 10964 identity_helper.exe>\n2026-05-28 17:41:46,483 [root] DEBUG: 2208: DLL loaded at 0x00007FFC23660000: C:\\Windows\\SYSTEM32\\capauthz (0x51000 bytes).\n2026-05-28 17:41:46,484 [root] DEBUG: 2208: DLL loaded at 0x00007FFC204E0000: C:\\Windows\\SYSTEM32\\windows.staterepositorycore (0x11000 bytes).\n2026-05-28 17:41:46,486 [root] DEBUG: 2208: CreateProcessHandler: Injection info set for new process 12320: C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\identity_helper.exe, ImageBase: 0x00007FF7809A0000\n2026-05-28 17:41:46,488 [root] INFO: Announced 64-bit process name: identity_helper.exe pid: 12320\n2026-05-28 17:41:46,488 [lib.api.process] INFO: Monitor config for process 12320: C:\\q61py415\\dll\\12320.ini\n2026-05-28 17:41:46,489 [lib.api.process] INFO: Option 'interactive' with value '1' sent to monitor\n2026-05-28 17:41:46,557 [lib.api.process] INFO: Potential dll side-loading detected in local directory: d3dcompiler_47.dll\n2026-05-28 17:41:46,557 [lib.api.process] INFO: Potential dll side-loading detected in local directory: onnxruntime.dll\n2026-05-28 17:41:46,559 [lib.api.process] INFO: 64-bit DLL to inject is C:\\q61py415\\dll\\wXsOlW.dll, loader C:\\q61py415\\bin\\OCVwDwZX.exe\n2026-05-28 17:41:46,563 [root] DEBUG: Loader: Injecting process 12320 (thread 12324) with 
C:\\q61py415\\dll\\wXsOlW.dll.\n2026-05-28 17:41:46,563 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-05-28 17:41:46,564 [root] DEBUG: Successfully injected DLL C:\\q61py415\\dll\\wXsOlW.dll.\n2026-05-28 17:41:46,565 [lib.api.process] INFO: Injected into 64-bit <Process 12320 identity_helper.exe>\n2026-05-28 17:41:46,567 [root] INFO: Announced 64-bit process name: identity_helper.exe pid: 12320\n2026-05-28 17:41:46,567 [lib.api.process] INFO: Monitor config for process 12320: C:\\q61py415\\dll\\12320.ini\n2026-05-28 17:41:46,568 [lib.api.process] INFO: Option 'interactive' with value '1' sent to monitor\n2026-05-28 17:41:46,636 [lib.api.process] INFO: Potential dll side-loading detected in local directory: d3dcompiler_47.dll\n2026-05-28 17:41:46,636 [lib.api.process] INFO: Potential dll side-loading detected in local directory: onnxruntime.dll\n2026-05-28 17:41:46,638 [lib.api.process] INFO: 64-bit DLL to inject is C:\\q61py415\\dll\\wXsOlW.dll, loader C:\\q61py415\\bin\\OCVwDwZX.exe\n2026-05-28 17:41:46,642 [root] DEBUG: Loader: Injecting process 12320 (thread 12324) with C:\\q61py415\\dll\\wXsOlW.dll.\n2026-05-28 17:41:46,642 [root] DEBUG: InjectDllViaIAT: This image has already been patched.\n2026-05-28 17:41:46,643 [root] DEBUG: Successfully injected DLL C:\\q61py415\\dll\\wXsOlW.dll.\n2026-05-28 17:41:46,644 [lib.api.process] INFO: Injected into 64-bit <Process 12320 identity_helper.exe>\n2026-05-28 17:41:46,658 [root] DEBUG: 12320: Python path set to 'C:\\Users\\admin\\AppData\\Local\\Python\\pythoncore-3.14-64'.\n2026-05-28 17:41:46,658 [root] DEBUG: 12320: Interactive desktop enabled.\n2026-05-28 17:41:46,659 [root] DEBUG: 12320: Dropped file limit defaulting to 100.\n2026-05-28 17:41:46,664 [root] DEBUG: 12320: Disabling sleep skipping.\n2026-05-28 17:41:46,665 [root] DEBUG: 12320: YaraInit: Compiled rules loaded from existing file C:\\q61py415\\data\\yara\\capemon.yac\n2026-05-28 17:41:46,677 [root] DEBUG: 12320: 
RtlInsertInvertedFunctionTable 0x00007FFC2D10090E, LdrpInvertedFunctionTableSRWLock 0x00007FFC2D25D4F0\n2026-05-28 17:41:46,677 [root] DEBUG: 12320: YaraScan: Scanning 0x00007FF7809A0000, size 0x28b4d8\n2026-05-28 17:41:46,695 [root] DEBUG: 12320: Monitor initialised: 64-bit capemon loaded in process 12320 at 0x00007FFC14380000, thread 12324, image base 0x00007FF7809A0000, stack from 0x0000005093D94000-0x0000005093DA0000\n2026-05-28 17:41:46,696 [root] DEBUG: 12320: Commandline: \"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\identity_helper.exe\" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=windows_package_identity --skip-read-main-dll --metrics-shmem-handle=5004,i,10041185329265187298,11074568154246322711,524288 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,1435369039403\n2026-05-28 17:41:46,696 [root] DEBUG: 12320: add_all_dlls_to_dll_ranges: skipping C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\msedge_elf.dll\n2026-05-28 17:41:46,705 [root] DEBUG: 12320: hook_api: LdrpCallInitRoutine export address 0x00007FFC2D1099BC obtained via GetFunctionAddress\n2026-05-28 17:41:46,732 [root] WARNING: b'Unable to create trampoline for LockResource, hook type 2'\n2026-05-28 17:41:46,733 [root] DEBUG: 12320: set_hooks: Unable to hook LockResource\n2026-05-28 17:41:46,740 [root] DEBUG: 12320: Hooked 627 out of 628 functions\n2026-05-28 17:41:46,746 [root] DEBUG: 2208: DLL loaded at 0x00007FFC19AE0000: C:\\Windows\\System32\\Windows.ApplicationModel (0xe9000 bytes).\n2026-05-28 17:41:46,747 [root] DEBUG: 2208: DLL loaded at 0x00007FFC23A80000: C:\\Windows\\System32\\AppXDeploymentClient (0x102000 bytes).\n2026-05-28 17:41:46,750 [root] DEBUG: 2208: DLL loaded at 0x00007FFC22E90000: C:\\Windows\\system32\\wlanapi (0x74000 bytes).\n2026-05-28 17:41:46,755 
[root] DEBUG: 12320: Syscall hook installed, syscall logging level 1\n2026-05-28 17:41:46,760 [root] DEBUG: 12320: RestoreHeaders: Restored original import table.\n2026-05-28 17:41:46,760 [root] INFO: Loaded monitor into process with pid 12320\n2026-05-28 17:41:46,761 [root] DEBUG: 12320: YaraScan: Scanning 0x00007FFBD2060000, size 0x4b9994\n2026-05-28 17:41:46,845 [root] DEBUG: 12320: YaraScan: Scanning 0x00007FFBD2060000, size 0x4b9994\n2026-05-28 17:41:46,867 [root] DEBUG: 2208: DLL loaded at 0x00007FFC17770000: C:\\Windows\\SYSTEM32\\NETAPI32 (0x19000 bytes).\n2026-05-28 17:41:46,870 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2A1B0000: C:\\Windows\\SYSTEM32\\ncrypt (0x27000 bytes).\n2026-05-28 17:41:46,871 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2A170000: C:\\Windows\\SYSTEM32\\NTASN1 (0x3b000 bytes).\n2026-05-28 17:41:46,872 [root] DEBUG: 12320: YaraScan: Scanning 0x00007FFBD2060000, size 0x4b9994\n2026-05-28 17:41:46,873 [root] DEBUG: 2208: DLL loaded at 0x00007FFC236E0000: C:\\Windows\\system32\\PCPKsp (0x118000 bytes).\n2026-05-28 17:41:46,879 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2B260000: C:\\Windows\\System32\\imagehlp (0x1d000 bytes).\n2026-05-28 17:41:46,880 [root] DEBUG: 2208: DLL loaded at 0x00007FFC236C0000: C:\\Windows\\SYSTEM32\\tbs (0x1b000 bytes).\n2026-05-28 17:41:46,889 [root] DEBUG: 2208: DLL loaded at 0x00007FFC17800000: C:\\Windows\\system32\\ncryptprov (0x5a000 bytes).\n2026-05-28 17:41:46,901 [root] DEBUG: 12320: YaraScan: Scanning 0x00007FFBD2060000, size 0x4b9994\n2026-05-28 17:41:46,926 [root] DEBUG: 12320: YaraScan: Scanning 0x00007FFBD2060000, size 0x4b9994\n2026-05-28 17:41:46,952 [root] DEBUG: 12320: YaraScan: Scanning 0x00007FFBD2060000, size 0x4b9994\n2026-05-28 17:41:46,977 [root] DEBUG: 12320: YaraScan: Scanning 0x00007FFBD2060000, size 0x4b9994\n2026-05-28 17:41:47,004 [root] DEBUG: 2208: DLL loaded at 0x00007FFC29EA0000: C:\\Windows\\system32\\mswsock (0x6a000 bytes).\n2026-05-28 17:41:47,006 [root] DEBUG: 12320: 
caller_dispatch: Added region at 0x00007FFBD2060000 to tracked regions list (ntdll::NtProtectVirtualMemory returns to 0x00007FFBD225F156, thread 12324).\n2026-05-28 17:41:47,006 [root] DEBUG: 12320: caller_dispatch: Scanning calling region at 0x00007FFBD2060000...\n2026-05-28 17:41:47,010 [root] DEBUG: 12320: ProcessTrackedRegion: Region at 0x00007FFBD2060000 mapped as \\Device\\HarddiskVolume2\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\msedge_elf.dll appears unmodified, skipping\n2026-05-28 17:41:47,012 [root] DEBUG: 12320: DLL loaded at 0x00007FFC2B0C0000: C:\\Windows\\System32\\bcryptprimitives (0x82000 bytes).\n2026-05-28 17:41:47,043 [root] DEBUG: 12320: YaraScan: Scanning 0x00007FF7809A0000, size 0x28b4d8\n2026-05-28 17:41:47,059 [root] DEBUG: 12320: YaraScan: Scanning 0x00007FF7809A0000, size 0x28b4d8\n2026-05-28 17:41:47,075 [root] DEBUG: 12320: YaraScan: Scanning 0x00007FF7809A0000, size 0x28b4d8\n2026-05-28 17:41:47,091 [root] DEBUG: 12320: YaraScan: Scanning 0x00007FF7809A0000, size 0x28b4d8\n2026-05-28 17:41:47,107 [root] DEBUG: 12320: YaraScan: Scanning 0x00007FF7809A0000, size 0x28b4d8\n2026-05-28 17:41:47,124 [root] DEBUG: 12320: YaraScan: Scanning 0x00007FF7809A0000, size 0x28b4d8\n2026-05-28 17:41:47,141 [root] DEBUG: 12320: caller_dispatch: Added region at 0x00007FF7809A0000 to tracked regions list (ntdll::NtProtectVirtualMemory returns to 0x00007FF780A94096, thread 12324).\n2026-05-28 17:41:47,142 [root] DEBUG: 12320: YaraScan: Scanning 0x00007FF7809A0000, size 0x28b4d8\n2026-05-28 17:41:47,159 [root] DEBUG: 12320: ProcessImageBase: Main module image at 0x00007FF7809A0000 unmodified (entropy change 0.000000e+00)\n2026-05-28 17:41:47,163 [root] DEBUG: 12320: DLL loaded at 0x00007FFC2B150000: C:\\Windows\\System32\\shcore (0xad000 bytes).\n2026-05-28 17:41:47,186 [root] DEBUG: 12320: DLL loaded at 0x00007FFBBE9A0000: C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\148.0.3967.83\\msedge (0x136be000 bytes).\n2026-05-28 
17:41:47,190 [root] DEBUG: 12320: DLL loaded at 0x00007FFC28160000: C:\\Windows\\system32\\uxtheme (0x9e000 bytes).\n2026-05-28 17:41:47,193 [root] DEBUG: 12320: DLL loaded at 0x00007FFC2B280000: C:\\Windows\\System32\\MSCTF (0x114000 bytes).\n2026-05-28 17:41:47,222 [root] DEBUG: 12320: DLL loaded at 0x00007FFC286B0000: C:\\Windows\\SYSTEM32\\kernel.appcore (0x12000 bytes).\n2026-05-28 17:41:47,271 [root] DEBUG: 12320: DLL loaded at 0x00007FFC2C9C0000: C:\\Windows\\System32\\clbcatq (0xa9000 bytes).\n2026-05-28 17:41:47,282 [root] DEBUG: 12320: DLL loaded at 0x00007FFC2B150000: C:\\Windows\\System32\\shcore (0xad000 bytes).\n2026-05-28 17:41:47,283 [root] DEBUG: 12320: DLL loaded at 0x00007FFC27140000: C:\\Windows\\System32\\PROPSYS (0xf6000 bytes).\n2026-05-28 17:41:47,284 [root] DEBUG: 12320: DLL loaded at 0x00007FFC27DC0000: C:\\Windows\\System32\\CoreMessaging (0xf2000 bytes).\n2026-05-28 17:41:47,284 [root] DEBUG: 12320: DLL loaded at 0x00007FFC19830000: C:\\Windows\\System32\\execmodelclient (0x63000 bytes).\n2026-05-28 17:41:47,292 [root] DEBUG: 12320: DLL loaded at 0x00007FFC25980000: C:\\Windows\\System32\\twinapi.appcore (0x203000 bytes).\n2026-05-28 17:41:47,294 [root] DEBUG: 12320: DLL loaded at 0x00007FFC26FE0000: C:\\Windows\\SYSTEM32\\wintypes (0x155000 bytes).\n2026-05-28 17:41:47,296 [root] DEBUG: 12320: DLL loaded at 0x00007FFC284D0000: C:\\Windows\\System32\\RMCLIENT (0x2a000 bytes).\n2026-05-28 17:41:47,297 [root] DEBUG: 12320: DLL loaded at 0x00007FFC26310000: C:\\Windows\\System32\\XmlLite (0x36000 bytes).\n2026-05-28 17:41:47,297 [root] DEBUG: 12320: DLL loaded at 0x00007FFC16860000: C:\\Windows\\System32\\wpnapps (0x15b000 bytes).\n2026-05-28 17:41:47,305 [root] DEBUG: 12320: DLL loaded at 0x00007FFC1C0A0000: C:\\Windows\\System32\\OneCoreCommonProxyStub (0x7f000 bytes).\n2026-05-28 17:41:47,313 [root] DEBUG: 12320: DLL loaded at 0x00007FFC178B0000: C:\\Windows\\system32\\execmodelproxy (0x18000 bytes).\n2026-05-28 17:41:47,319 [root] 
DEBUG: 12320: DLL loaded at 0x00007FFC29860000: C:\\Windows\\System32\\msvcp110_win (0x8a000 bytes).\n2026-05-28 17:41:47,320 [root] DEBUG: 12320: DLL loaded at 0x00007FFC23B90000: C:\\Windows\\SYSTEM32\\policymanager (0xa1000 bytes).\n2026-05-28 17:41:47,323 [root] DEBUG: 12320: DLL loaded at 0x00007FFC25960000: C:\\Windows\\SYSTEM32\\usermgrcli (0x16000 bytes).\n2026-05-28 17:41:47,331 [root] DEBUG: 12320: DLL loaded at 0x00007FFC24D40000: C:\\Windows\\System32\\OneCoreUAPCommonProxyStub (0x7d0000 bytes).\n2026-05-28 17:41:47,335 [root] DEBUG: 12320: DLL loaded at 0x00007FFC1BEB0000: C:\\Windows\\System32\\Windows.StateRepositoryPS (0x146000 bytes).\n2026-05-28 17:41:47,342 [root] DEBUG: 12320: DLL loaded at 0x00007FFC2B050000: C:\\Windows\\System32\\WINTRUST (0x67000 bytes).\n2026-05-28 17:41:47,343 [root] DEBUG: 12320: DLL loaded at 0x00007FFC23660000: C:\\Windows\\SYSTEM32\\capauthz (0x51000 bytes).\n2026-05-28 17:41:47,351 [root] DEBUG: 12320: DLL loaded at 0x00007FFC2A2D0000: C:\\Windows\\System32\\MSASN1 (0x12000 bytes).\n2026-05-28 17:41:47,401 [root] DEBUG: 12320: DLL loaded at 0x00007FFC19AE0000: C:\\Windows\\System32\\Windows.ApplicationModel (0xe9000 bytes).\n2026-05-28 17:41:47,407 [root] DEBUG: 12320: DLL loaded at 0x00007FFC0C8D0000: C:\\Windows\\System32\\CryptoWinRT (0x61000 bytes).\n2026-05-28 17:41:47,420 [lib.api.process] INFO: Monitor config for process 760: C:\\q61py415\\dll\\760.ini\n2026-05-28 17:41:47,421 [lib.api.process] INFO: Option 'interactive' with value '1' sent to monitor\n2026-05-28 17:41:47,422 [lib.api.process] INFO: 64-bit DLL to inject is C:\\q61py415\\dll\\wXsOlW.dll, loader C:\\q61py415\\bin\\OCVwDwZX.exe\n2026-05-28 17:41:47,427 [root] DEBUG: Loader: Injecting process 760 with C:\\q61py415\\dll\\wXsOlW.dll.\n2026-05-28 17:41:47,430 [root] DEBUG: 760: Python path set to 'C:\\Users\\admin\\AppData\\Local\\Python\\pythoncore-3.14-64'.\n2026-05-28 17:41:47,430 [root] DEBUG: 760: Disabling sleep skipping.\n2026-05-28 
17:41:47,430 [root] DEBUG: 760: Interactive desktop enabled.\n2026-05-28 17:41:47,431 [root] DEBUG: 760: Dropped file limit defaulting to 100.\n2026-05-28 17:41:47,434 [root] DEBUG: 760: Services hook set enabled\n2026-05-28 17:41:47,435 [root] DEBUG: 760: YaraInit: Compiled rules loaded from existing file C:\\q61py415\\data\\yara\\capemon.yac\n2026-05-28 17:41:47,449 [root] DEBUG: 760: RtlInsertInvertedFunctionTable 0x00007FFC2D10090E, LdrpInvertedFunctionTableSRWLock 0x00007FFC2D25D4F0\n2026-05-28 17:41:47,450 [root] DEBUG: 760: Monitor initialised: 64-bit capemon loaded in process 760 at 0x00007FFC14380000, thread 12848, image base 0x00007FF7B7570000, stack from 0x000000946FBF4000-0x000000946FC00000\n2026-05-28 17:41:47,450 [root] DEBUG: 760: Commandline: C:\\Windows\\system32\\svchost.exe -k DcomLaunch -p\n2026-05-28 17:41:47,463 [root] DEBUG: 760: Hooked 69 out of 69 functions\n2026-05-28 17:41:47,464 [root] INFO: Loaded monitor into process with pid 760\n2026-05-28 17:41:47,464 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.\n2026-05-28 17:41:47,465 [root] DEBUG: Successfully injected DLL C:\\q61py415\\dll\\wXsOlW.dll.\n2026-05-28 17:41:47,466 [lib.api.process] INFO: Injected into 64-bit <Process 760 svchost.exe>\n2026-05-28 17:41:47,595 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:47,596 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:47,600 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:47,600 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program 
Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:47,795 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:47,796 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:47,800 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:47,801 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:48,409 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:48,410 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:49,488 [root] DEBUG: 12320: DLL loaded at 0x00007FFC200C0000: C:\\Windows\\System32\\StateRepository.Core (0xb1000 bytes).\n2026-05-28 17:41:49,489 [root] DEBUG: 12320: DLL loaded at 0x00007FFC20500000: C:\\Windows\\System32\\Windows.StateRepository (0x58e000 bytes).\n2026-05-28 17:41:49,489 [root] DEBUG: 12320: DLL loaded at 0x00007FFC17000000: C:\\Windows\\System32\\TileDataRepository (0x99000 bytes).\n2026-05-28 17:41:49,490 [root] DEBUG: 12320: DLL loaded at 0x00007FFC10950000: C:\\Windows\\System32\\biwinrt (0x53000 bytes).\n2026-05-28 17:41:49,505 [root] DEBUG: 12320: DLL loaded at 0x00007FFC23800000: C:\\Windows\\System32\\usermgrproxy (0x54000 bytes).\n2026-05-28 17:41:49,550 [root] 
DEBUG: 12320: DLL loaded at 0x00007FFC29090000: C:\\Windows\\System32\\dxgi (0xf3000 bytes).\n2026-05-28 17:41:49,551 [root] DEBUG: 12320: DLL loaded at 0x00007FFC26D70000: C:\\Windows\\System32\\d3d11 (0x263000 bytes).\n2026-05-28 17:41:49,558 [root] DEBUG: 12320: DLL loaded at 0x00007FFC1D2B0000: C:\\Windows\\System32\\WININET (0x4d6000 bytes).\n2026-05-28 17:41:49,558 [root] DEBUG: 12320: DLL loaded at 0x00007FFC10840000: C:\\Windows\\System32\\windows.internal.shell.broker (0xdd000 bytes).\n2026-05-28 17:41:49,572 [root] DEBUG: 12320: DLL loaded at 0x00007FFC11C60000: C:\\Windows\\System32\\PCShellCommonProxyStub (0x13000 bytes).\n2026-05-28 17:41:49,593 [root] DEBUG: 12320: DLL loaded at 0x00007FFC2A6C0000: C:\\Windows\\System32\\USERENV (0x2e000 bytes).\n2026-05-28 17:41:49,594 [root] DEBUG: 12320: DLL loaded at 0x00007FFC2A140000: C:\\Windows\\System32\\Wldp (0x2d000 bytes).\n2026-05-28 17:41:49,594 [root] DEBUG: 12320: DLL loaded at 0x00007FFC288B0000: C:\\Windows\\SYSTEM32\\windows.storage (0x79b000 bytes).\n2026-05-28 17:41:49,595 [root] DEBUG: 12320: DLL loaded at 0x00007FFC20480000: C:\\Windows\\System32\\Bcp47Langs (0x5b000 bytes).\n2026-05-28 17:41:49,595 [root] DEBUG: 12320: DLL loaded at 0x00007FFC16A70000: C:\\Windows\\System32\\StartTileData (0x58a000 bytes).\n2026-05-28 17:41:49,625 [root] DEBUG: 12320: DLL loaded at 0x00007FFC10BF0000: C:\\Windows\\System32\\Windows.Storage.ApplicationData (0x66000 bytes).\n2026-05-28 17:41:49,654 [root] DEBUG: 12320: DLL loaded at 0x00007FFC1AD10000: C:\\Windows\\system32\\mssprxy (0x28000 bytes).\n2026-05-28 17:41:49,690 [root] DEBUG: 12320: DLL loaded at 0x00007FFC2ACD0000: C:\\Windows\\System32\\CFGMGR32 (0x4e000 bytes).\n2026-05-28 17:41:50,612 [root] DEBUG: 2208: CreateProcessHandler: Injection info set for new process 13100: C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe, ImageBase: 0x00007FF7B5F00000\n2026-05-28 17:41:50,613 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring 
process 13100\n2026-05-28 17:41:50,614 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 13100\n2026-05-28 17:41:52,237 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:41:52,238 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:41:59,769 [root] INFO: Process with pid 12320 has terminated\n2026-05-28 17:41:59,770 [root] DEBUG: 12320: NtTerminateProcess hook: Attempting to dump process 12320\n2026-05-28 17:41:59,773 [root] DEBUG: 12320: DoProcessDump: Skipping process dump as code is identical on disk.\n2026-05-28 17:42:00,449 [root] INFO: Announced starting service \"b'GoogleUpdaterService149.0.7814.0'\"\n2026-05-28 17:42:00,450 [lib.api.process] INFO: Monitor config for process 624: C:\\q61py415\\dll\\624.ini\n2026-05-28 17:42:00,451 [lib.api.process] INFO: Option 'interactive' with value '1' sent to monitor\n2026-05-28 17:42:00,452 [lib.api.process] INFO: 64-bit DLL to inject is C:\\q61py415\\dll\\wXsOlW.dll, loader C:\\q61py415\\bin\\OCVwDwZX.exe\n2026-05-28 17:42:00,456 [root] DEBUG: Loader: Injecting process 624 with C:\\q61py415\\dll\\wXsOlW.dll.\n2026-05-28 17:42:00,458 [root] DEBUG: Loader: Copied config file C:\\q61py415\\dll\\624.ini to system path C:\\624.ini\n2026-05-28 17:42:00,462 [root] DEBUG: Loader: Unable to open process, launched: PPLinject64.exe 624 C:\\q61py415\\dll\\wXsOlW.dll\n2026-05-28 17:42:00,467 [root] DEBUG: Successfully injected DLL C:\\q61py415\\dll\\wXsOlW.dll.\n2026-05-28 17:42:00,479 [lib.api.process] INFO: Injected into 64-bit <Process 624 services.exe>\n2026-05-28 17:42:03,601 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:42:03,603 [root] DEBUG: 
2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:42:03,610 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)\n2026-05-28 17:42:03,611 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:42:03,612 [root] DEBUG: 2072: DLL loaded at 0x00007FFC25E00000: C:\\Windows\\System32\\taskschd (0xac000 bytes).\n2026-05-28 17:42:03,617 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)\n2026-05-28 17:42:03,617 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:42:03,618 [root] DEBUG: 2072: DLL loaded at 0x00007FFC1CBA0000: C:\\Windows\\SYSTEM32\\Secur32 (0xc000 bytes).\n2026-05-28 17:42:05,615 [root] DEBUG: 2208: DLL loaded at 0x00007FFC23E60000: C:\\Windows\\SYSTEM32\\wevtapi (0x65000 bytes).\n2026-05-28 17:42:11,711 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)\n2026-05-28 17:42:11,712 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:42:11,718 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)\n2026-05-28 17:42:11,718 [root] DEBUG: 2072: CreateProcessHandler: Injection info 
set for new process 12764: C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe, ImageBase: 0x00007FF78CD00000\n2026-05-28 17:42:11,719 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:42:11,719 [root] DEBUG: 2072: ProcessMessage: Skipping monitoring process 12764\n2026-05-28 17:42:11,728 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)\n2026-05-28 17:42:11,728 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)\n2026-05-28 17:42:11,729 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:42:11,730 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:42:11,730 [root] DEBUG: 2072: ProcessMessage: Skipping monitoring process 12764\n2026-05-28 17:42:11,755 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)\n2026-05-28 17:42:11,764 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:42:11,773 [root] DEBUG: 2072: CreateProcessHandler: Injection info set for new process 8160: C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe, ImageBase: 0x00007FF78CD00000\n2026-05-28 17:42:11,773 [root] DEBUG: 2072: ProcessTrackedRegion: Updated 
entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)\n2026-05-28 17:42:11,774 [root] DEBUG: 2072: ProcessMessage: Skipping monitoring process 8160\n2026-05-28 17:42:11,779 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:42:11,781 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)\n2026-05-28 17:42:11,781 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:42:11,782 [root] DEBUG: 2072: ProcessMessage: Skipping monitoring process 8160\n2026-05-28 17:42:11,815 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)\n2026-05-28 17:42:11,819 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:42:11,827 [root] DEBUG: 2072: CreateProcessHandler: Injection info set for new process 7824: C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe, ImageBase: 0x00007FF78CD00000\n2026-05-28 17:42:11,827 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)\n2026-05-28 17:42:11,829 [root] DEBUG: 2072: ProcessMessage: Skipping monitoring process 7824\n2026-05-28 17:42:11,830 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 
17:42:11,836 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)\n2026-05-28 17:42:11,837 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:42:11,838 [root] DEBUG: 2072: ProcessMessage: Skipping monitoring process 7824\n2026-05-28 17:42:11,864 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)\n2026-05-28 17:42:11,874 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:42:11,884 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)\n2026-05-28 17:42:11,885 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:42:14,084 [root] DEBUG: 2208: DLL loaded at 0x00007FFC1FE60000: C:\\Windows\\System32\\Windows.System.UserProfile.DiagnosticsSettings (0x15000 bytes).\n2026-05-28 17:42:14,162 [root] DEBUG: 2208: CreateProcessHandler: Injection info set for new process 13388: C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe, ImageBase: 0x00007FF7B5F00000\n2026-05-28 17:42:14,163 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 13388\n2026-05-28 17:42:14,164 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 13388\n2026-05-28 17:42:20,632 [root] DEBUG: 2208: CreateProcessHandler: Injection info set for new process 13500: C:\\Program Files 
(x86)\\Microsoft\\Edge\\Application\\msedge.exe, ImageBase: 0x00007FF7B5F00000\n2026-05-28 17:42:20,633 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 13500\n2026-05-28 17:42:20,634 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 13500\n2026-05-28 17:42:42,099 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)\n2026-05-28 17:42:42,100 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:42:42,743 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)\n2026-05-28 17:42:42,744 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:42:44,150 [root] DEBUG: 2208: DLL loaded at 0x00007FFC292E0000: C:\\Windows\\SYSTEM32\\sppc (0x25000 bytes).\n2026-05-28 17:42:44,151 [root] DEBUG: 2208: DLL loaded at 0x00007FFC29310000: C:\\Windows\\system32\\slc (0x29000 bytes).\n2026-05-28 17:42:44,153 [root] DEBUG: 2208: DLL loaded at 0x00007FFC1CF10000: C:\\Windows\\system32\\slwga (0x19000 bytes).\n2026-05-28 17:42:44,185 [root] DEBUG: 2208: DLL loaded at 0x00007FFC14880000: C:\\Windows\\System32\\Windows.System.Diagnostics.Telemetry.PlatformTelemetryClient (0x12000 bytes).\n2026-05-28 17:42:44,197 [root] DEBUG: 2208: CreateProcessHandler: Injection info set for new process 13868: C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe, ImageBase: 0x00007FF7B5F00000\n2026-05-28 17:42:44,198 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 13868\n2026-05-28 17:42:44,199 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 
13868\n2026-05-28 17:42:44,306 [root] DEBUG: 2208: DLL loaded at 0x00007FFBE85B0000: C:\\Windows\\System32\\CloudExperienceHostCommon (0x128000 bytes).\n2026-05-28 17:42:48,899 [root] DEBUG: 4248: DLL loaded at 0x00007FFC14310000: C:\\Windows\\SYSTEM32\\storageusage (0x2f000 bytes).\n2026-05-28 17:43:20,654 [root] DEBUG: 2208: CreateProcessHandler: Injection info set for new process 13416: C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe, ImageBase: 0x00007FF7B5F00000\n2026-05-28 17:43:20,656 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 13416\n2026-05-28 17:43:20,657 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 13416\n2026-05-28 17:43:24,436 [root] DEBUG: 2208: CreateProcessHandler: Injection info set for new process 12064: C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe, ImageBase: 0x00007FF7B5F00000\n2026-05-28 17:43:24,437 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 12064\n2026-05-28 17:43:24,438 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 12064\n2026-05-28 17:43:24,781 [root] DEBUG: 2208: DLL loaded at 0x00007FFC15280000: C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId (0xf4000 bytes).\n2026-05-28 17:43:30,171 [root] DEBUG: 2208: CreateProcessHandler: Injection info set for new process 13596: C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe, ImageBase: 0x00007FF7B5F00000\n2026-05-28 17:43:30,433 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 13596\n2026-05-28 17:43:30,719 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 13596\n2026-05-28 17:43:42,259 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)\n2026-05-28 17:43:43,575 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll 
is in known range, skipping\n2026-05-28 17:43:44,801 [root] DEBUG: 2208: CreateProcessHandler: Injection info set for new process 5932: C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe, ImageBase: 0x00007FF7B5F00000\n2026-05-28 17:43:45,162 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)\n2026-05-28 17:43:45,578 [root] DEBUG: 2072: CreateProcessHandler: Injection info set for new process 13828: C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe, ImageBase: 0x00007FF78CD00000\n2026-05-28 17:43:45,801 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 5932\n2026-05-28 17:43:45,893 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:43:46,025 [root] DEBUG: 2072: ProcessMessage: Skipping monitoring process 13828\n2026-05-28 17:43:46,120 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 5932\n2026-05-28 17:43:46,255 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)\n2026-05-28 17:43:46,344 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)\n2026-05-28 17:43:46,484 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)\n2026-05-28 17:43:46,619 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:43:46,705 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program 
Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:43:46,800 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:43:46,999 [root] DEBUG: 2072: ProcessMessage: Skipping monitoring process 13828\n2026-05-28 17:43:47,216 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)\n2026-05-28 17:43:47,420 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:43:47,629 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)\n2026-05-28 17:43:47,821 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \\Device\\HarddiskVolume2\\Program Files\\Google\\Chrome\\Application\\148.0.7778.217\\chrome_elf.dll is in known range, skipping\n2026-05-28 17:43:50,542 [root] DEBUG: 4248: CreateProcessHandler: Injection info set for new process 14276: C:\\Windows\\system32\\taskmgr.exe, ImageBase: 0x00007FF7299E0000\n2026-05-28 17:43:50,790 [root] INFO: Announced 64-bit process name: Taskmgr.exe pid: 14276\n2026-05-28 17:43:50,871 [lib.api.process] INFO: Monitor config for process 14276: C:\\q61py415\\dll\\14276.ini\n2026-05-28 17:43:51,070 [lib.api.process] INFO: Option 'interactive' with value '1' sent to monitor\n2026-05-28 17:43:51,152 [lib.api.process] INFO: 64-bit DLL to inject is C:\\q61py415\\dll\\wXsOlW.dll, loader C:\\q61py415\\bin\\OCVwDwZX.exe\n2026-05-28 17:43:51,462 [root] DEBUG: Loader: Injecting process 14276 (thread 14212) with C:\\q61py415\\dll\\wXsOlW.dll.\n2026-05-28 17:43:51,700 [root] DEBUG: 
InjectDllViaIAT: Successfully patched IAT.\n2026-05-28 17:43:51,904 [root] DEBUG: Successfully injected DLL C:\\q61py415\\dll\\wXsOlW.dll.\n2026-05-28 17:43:52,182 [lib.api.process] INFO: Injected into 64-bit <Process 14276 Taskmgr.exe>\n2026-05-28 17:43:52,392 [root] INFO: Announced 64-bit process name: Taskmgr.exe pid: 14276\n2026-05-28 17:43:52,469 [lib.api.process] INFO: Monitor config for process 14276: C:\\q61py415\\dll\\14276.ini\n2026-05-28 17:43:52,553 [lib.api.process] INFO: Option 'interactive' with value '1' sent to monitor\n2026-05-28 17:43:52,639 [lib.api.process] INFO: 64-bit DLL to inject is C:\\q61py415\\dll\\wXsOlW.dll, loader C:\\q61py415\\bin\\OCVwDwZX.exe\n2026-05-28 17:43:53,056 [root] DEBUG: Loader: Injecting process 14276 (thread 14212) with C:\\q61py415\\dll\\wXsOlW.dll.\n2026-05-28 17:43:53,259 [root] DEBUG: InjectDllViaIAT: This image has already been patched.\n2026-05-28 17:43:53,467 [root] DEBUG: Successfully injected DLL C:\\q61py415\\dll\\wXsOlW.dll.\n2026-05-28 17:43:53,706 [lib.api.process] INFO: Injected into 64-bit <Process 14276 Taskmgr.exe>\n2026-05-28 17:43:53,909 [root] INFO: Announced 64-bit process name: Taskmgr.exe pid: 14276\n2026-05-28 17:43:53,993 [lib.api.process] INFO: Monitor config for process 14276: C:\\q61py415\\dll\\14276.ini\n2026-05-28 17:43:54,071 [lib.api.process] INFO: Option 'interactive' with value '1' sent to monitor\n2026-05-28 17:43:54,147 [lib.api.process] INFO: 64-bit DLL to inject is C:\\q61py415\\dll\\wXsOlW.dll, loader C:\\q61py415\\bin\\OCVwDwZX.exe\n2026-05-28 17:43:54,450 [root] DEBUG: Loader: Injecting process 14276 with C:\\q61py415\\dll\\wXsOlW.dll.\n2026-05-28 17:43:54,655 [root] DEBUG: InjectDll: No thread ID supplied, initial thread ID 14212, handle 0x120\n2026-05-28 17:43:54,846 [root] DEBUG: InjectDllViaIAT: This image has already been patched.\n2026-05-28 17:43:55,050 [root] DEBUG: Successfully injected DLL C:\\q61py415\\dll\\wXsOlW.dll.\n2026-05-28 17:43:55,291 [lib.api.process] INFO: 
Injected into 64-bit <Process 14276 Taskmgr.exe>\n2026-05-28 17:43:55,668 [root] DEBUG: 14276: Python path set to 'C:\\Users\\admin\\AppData\\Local\\Python\\pythoncore-3.14-64'.\n2026-05-28 17:43:55,853 [root] DEBUG: 14276: Interactive desktop enabled.\n2026-05-28 17:43:56,080 [root] DEBUG: 14276: Dropped file limit defaulting to 100.\n2026-05-28 17:43:56,422 [root] DEBUG: 14276: Disabling sleep skipping.\n2026-05-28 17:43:56,613 [root] DEBUG: 14276: YaraInit: Compiled rules loaded from existing file C:\\q61py415\\data\\yara\\capemon.yac\n2026-05-28 17:43:56,820 [root] DEBUG: 14276: RtlInsertInvertedFunctionTable 0x00007FFC2D10090E, LdrpInvertedFunctionTableSRWLock 0x00007FFC2D25D4F0\n2026-05-28 17:43:57,053 [root] DEBUG: 14276: YaraScan: Scanning 0x00007FF7299E0000, size 0x12fcfe\n2026-05-28 17:43:57,294 [root] DEBUG: 14276: Monitor initialised: 64-bit capemon loaded in process 14276 at 0x00007FFC14380000, thread 14212, image base 0x00007FF7299E0000, stack from 0x000000ED18D94000-0x000000ED18DA0000\n2026-05-28 17:43:57,520 [root] DEBUG: 14276: Commandline: \"C:\\Windows\\system32\\taskmgr.exe\" /4\n2026-05-28 17:43:57,725 [root] DEBUG: 14276: hook_api: LdrpCallInitRoutine export address 0x00007FFC2D1099BC obtained via GetFunctionAddress\n2026-05-28 17:43:57,901 [root] WARNING: b'Unable to create trampoline for LockResource, hook type 2'\n2026-05-28 17:43:58,100 [root] DEBUG: 14276: set_hooks: Unable to hook LockResource\n2026-05-28 17:43:58,288 [root] DEBUG: 14276: Hooked 627 out of 628 functions\n2026-05-28 17:43:58,491 [root] DEBUG: 14276: Syscall hook installed, syscall logging level 1\n2026-05-28 17:43:58,685 [root] DEBUG: 14276: RestoreHeaders: Restored original import table.\n2026-05-28 17:43:58,865 [root] INFO: Loaded monitor into process with pid 14276\n2026-05-28 17:43:59,115 [root] DEBUG: 14276: DLL loaded at 0x00007FFC2A560000: C:\\Windows\\system32\\UMPDC (0x12000 bytes).\n2026-05-28 17:43:59,294 [root] DEBUG: 14276: caller_dispatch: Added region at 
0x00007FF7299E0000 to tracked regions list (ntdll::NtAllocateVirtualMemory returns to 0x00007FF729A0FF02, thread 14212).\n2026-05-28 17:43:59,479 [root] DEBUG: 14276: YaraScan: Scanning 0x00007FF7299E0000, size 0x12fcfe\n2026-05-28 17:43:59,682 [root] DEBUG: 14276: ProcessImageBase: Main module image at 0x00007FF7299E0000 unmodified (entropy change 0.000000e+00)\n2026-05-28 17:44:00,015 [root] DEBUG: 14276: DLL loaded at 0x00007FFC2B0C0000: C:\\Windows\\System32\\bcryptPrimitives (0x82000 bytes).\n2026-05-28 17:44:00,216 [root] DEBUG: 14276: DLL loaded at 0x00007FFC2C9C0000: C:\\Windows\\System32\\clbcatq (0xa9000 bytes).\n2026-05-28 17:44:00,416 [root] DEBUG: 14276: DLL loaded at 0x00007FFC2B280000: C:\\Windows\\System32\\MSCTF (0x114000 bytes).\n2026-05-28 17:44:00,615 [root] DEBUG: 14276: DLL loaded at 0x00007FFC1C2E0000: C:\\Windows\\system32\\TextShaping (0xac000 bytes).\n2026-05-28 17:44:00,941 [root] DEBUG: 14276: DLL loaded at 0x00007FFC298F0000: C:\\Windows\\SYSTEM32\\ntmarta (0x33000 bytes).\n2026-05-28 17:44:01,194 [root] DEBUG: 14276: DLL loaded at 0x00007FFC27DC0000: C:\\Windows\\System32\\CoreMessaging (0xf2000 bytes).\n2026-05-28 17:44:01,411 [root] DEBUG: 14276: DLL loaded at 0x00007FFC26FE0000: C:\\Windows\\SYSTEM32\\wintypes (0x155000 bytes).\n2026-05-28 17:44:01,575 [root] DEBUG: 14276: DLL loaded at 0x00007FFC27980000: C:\\Windows\\System32\\CoreUIComponents (0x35b000 bytes).\n2026-05-28 17:44:01,784 [root] DEBUG: 14276: DLL loaded at 0x00007FFC1FA90000: C:\\Windows\\SYSTEM32\\textinputframework (0xf9000 bytes).\n2026-05-28 17:44:02,010 [root] DEBUG: 14276: DLL loaded at 0x00007FFC29860000: C:\\Windows\\system32\\msvcp110_win (0x8a000 bytes).\n2026-05-28 17:44:02,257 [root] DEBUG: 14276: DLL loaded at 0x00007FFC23B90000: C:\\Windows\\SYSTEM32\\policymanager (0xa1000 bytes).\n2026-05-28 17:44:02,501 [root] DEBUG: 14276: DLL loaded at 0x00007FFC1D240000: C:\\Windows\\System32\\NetworkUXBroker (0x6d000 bytes).\n2026-05-28 17:44:02,784 [root] DEBUG: 
14276: DLL loaded at 0x00007FFC0D2A0000: C:\\Windows\\SYSTEM32\\atlthunk (0xd000 bytes).\n2026-05-28 17:44:03,216 [root] DEBUG: 4248: DLL loaded at 0x00007FFC0D0A0000: C:\\Windows\\System32\\CapabilityAccessManagerClient (0x3f000 bytes).\n2026-05-28 17:44:03,389 [root] DEBUG: 14276: DLL loaded at 0x00007FFC27460000: C:\\Windows\\system32\\WTSAPI32 (0x14000 bytes).\n2026-05-28 17:44:06,907 [root] DEBUG: 14276: DLL loaded at 0x00007FFC2A500000: C:\\Windows\\system32\\WINSTA (0x5b000 bytes).\n2026-05-28 17:44:08,042 [root] DEBUG: 14276: DLL loaded at 0x00007FFC25C40000: C:\\Windows\\system32\\WindowsCodecs (0x1b4000 bytes).\n2026-05-28 17:44:09,884 [root] DEBUG: 760: CreateProcessHandler: Injection info set for new process 12736: C:\\Windows\\system32\\DllHost.exe, ImageBase: 0x00007FF6ABE30000\n2026-05-28 17:44:11,582 [root] DEBUG: 14276: DLL loaded at 0x00007FFC26310000: C:\\Windows\\system32\\XmlLite (0x36000 bytes).\n2026-05-28 17:44:12,106 [root] INFO: Announced 64-bit process name: dllhost.exe pid: 12736\n2026-05-28 17:44:12,455 [lib.api.process] INFO: Monitor config for process 12736: C:\\q61py415\\dll\\12736.ini\n2026-05-28 17:44:12,625 [root] DEBUG: 14276: DLL loaded at 0x00007FFC2A700000: C:\\Windows\\System32\\profapi (0x25000 bytes).\n2026-05-28 17:44:13,146 [lib.api.process] INFO: Option 'interactive' with value '1' sent to monitor\n2026-05-28 17:44:13,492 [lib.api.process] INFO: 64-bit DLL to inject is C:\\q61py415\\dll\\wXsOlW.dll, loader C:\\q61py415\\bin\\OCVwDwZX.exe\n2026-05-28 17:44:13,492 [root] DEBUG: 14276: DLL loaded at 0x00007FFC1E400000: C:\\Windows\\System32\\Windows.UI.Immersive (0x139000 bytes).\n2026-05-28 17:44:14,782 [root] DEBUG: 14276: DLL loaded at 0x00007FFC15030000: C:\\Windows\\system32\\OLEACC (0x66000 bytes).\n2026-05-28 17:44:15,333 [root] DEBUG: Loader: Injecting process 12736 (thread 14316) with C:\\q61py415\\dll\\wXsOlW.dll.\n2026-05-28 17:44:16,087 [root] DEBUG: 14276: DLL loaded at 0x00007FFC19C60000: 
C:\\Windows\\system32\\srumapi (0x14000 bytes).\n2026-05-28 17:44:16,639 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-05-28 17:44:17,211 [root] DEBUG: 14276: DLL loaded at 0x00007FFC2A140000: C:\\Windows\\system32\\Wldp (0x2d000 bytes).\n2026-05-28 17:44:17,986 [root] DEBUG: Successfully injected DLL C:\\q61py415\\dll\\wXsOlW.dll.\n2026-05-28 17:44:20,843 [root] DEBUG: 14276: DLL loaded at 0x00007FFC288B0000: C:\\Windows\\SYSTEM32\\windows.storage (0x79b000 bytes).\n2026-05-28 17:44:21,410 [lib.api.process] INFO: Injected into 64-bit <Process 12736 dllhost.exe>\n2026-05-28 17:44:21,750 [root] DEBUG: 14276: DLL loaded at 0x00007FFC213D0000: C:\\Windows\\system32\\samcli (0x19000 bytes).\n2026-05-28 17:44:21,913 [root] INFO: Announced 64-bit process name: dllhost.exe pid: 12736\n2026-05-28 17:44:22,034 [lib.api.process] INFO: Monitor config for process 12736: C:\\q61py415\\dll\\12736.ini\n2026-05-28 17:44:22,033 [root] DEBUG: 14276: DLL loaded at 0x00007FFC27430000: C:\\Windows\\system32\\SAMLIB (0x28000 bytes).\n2026-05-28 17:44:22,152 [lib.api.process] INFO: Option 'interactive' with value '1' sent to monitor\n2026-05-28 17:44:22,402 [lib.api.process] INFO: 64-bit DLL to inject is C:\\q61py415\\dll\\wXsOlW.dll, loader C:\\q61py415\\bin\\OCVwDwZX.exe\n2026-05-28 17:44:22,402 [root] DEBUG: 14276: DLL loaded at 0x00007FFC29CA0000: C:\\Windows\\system32\\netutils (0xc000 bytes).\n2026-05-28 17:44:22,744 [root] DEBUG: 14276: OpenProcessHandler: Injection info created for process 92, handle 0x5cc:\n2026-05-28 17:44:22,869 [root] DEBUG: 14276: DLL loaded at 0x00007FFC24B40000: C:\\Windows\\System32\\ActXPrxy (0xa2000 bytes).\n2026-05-28 17:44:22,950 [root] DEBUG: Loader: Injecting process 12736 (thread 14316) with C:\\q61py415\\dll\\wXsOlW.dll.\n2026-05-28 17:44:23,037 [root] DEBUG: 14276: OpenProcessHandler: Injection info created for process 436, handle 0x5cc: C:\\Windows\\System32\\csrss.exe\n2026-05-28 17:44:23,168 [root] DEBUG: 14276: DLL loaded at 
0x00007FFC14D00000: C:\\Windows\\System32\\thumbcache (0x66000 bytes).\n2026-05-28 17:44:23,325 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-05-28 17:44:23,405 [root] DEBUG: 14276: OpenProcessHandler: Injection info created for process 524, handle 0x5cc: C:\\Windows\\System32\\csrss.exe\n2026-05-28 17:44:23,492 [root] DEBUG: 14276: DLL loaded at 0x00007FFC27140000: C:\\Windows\\system32\\propsys (0xf6000 bytes).\n2026-05-28 17:44:23,621 [root] DEBUG: Successfully injected DLL C:\\q61py415\\dll\\wXsOlW.dll.\n2026-05-28 17:44:23,853 [root] DEBUG: 14276: OpenProcessHandler: Injection info created for process 624, handle 0x5cc: C:\\Windows\\System32\\services.exe\n2026-05-28 17:44:23,994 [root] DEBUG: 14276: DLL loaded at 0x00007FFC25980000: C:\\Windows\\System32\\twinapi.appcore (0x203000 bytes).\n2026-05-28 17:44:24,035 [lib.api.process] INFO: Injected into 64-bit <Process 12736 dllhost.exe>\n2026-05-28 17:44:24,091 [root] DEBUG: 14276: OpenProcessHandler: Injection info created for process 760, handle 0x5cc: C:\\Windows\\System32\\svchost.exe\n2026-05-28 17:44:24,227 [root] DEBUG: 14276: DLL loaded at 0x00007FFC19AE0000: C:\\Windows\\System32\\Windows.ApplicationModel (0xe9000 bytes).\n2026-05-28 17:44:24,362 [root] DEBUG: 760: CreateProcessHandler: Injection info set for new process 2700: C:\\Windows\\system32\\DllHost.exe, ImageBase: 0x00007FF6ABE30000\n2026-05-28 17:44:24,463 [root] DEBUG: 14276: OpenProcessHandler: Image base for process 760 (handle 0x5cc): 0x00007FF7B7570000.\n2026-05-28 17:44:24,593 [root] DEBUG: 14276: DLL loaded at 0x00007FFC1BEB0000: C:\\Windows\\System32\\Windows.StateRepositoryPS (0x146000 bytes).\n2026-05-28 17:44:24,757 [root] INFO: Announced 64-bit process name: dllhost.exe pid: 2700\n2026-05-28 17:44:24,849 [lib.api.process] INFO: Monitor config for process 2700: C:\\q61py415\\dll\\2700.ini\n2026-05-28 17:44:24,887 [root] DEBUG: 14276: OpenProcessHandler: Injection info created for process 780, handle 0x5cc: 
C:\\Windows\\System32\\fontdrvhost.exe\n2026-05-28 17:44:25,077 [lib.api.process] INFO: Option 'interactive' with value '1' sent to monitor\n2026-05-28 17:44:25,151 [lib.api.process] INFO: 64-bit DLL to inject is C:\\q61py415\\dll\\wXsOlW.dll, loader C:\\q61py415\\bin\\OCVwDwZX.exe\n2026-05-28 17:44:25,150 [root] DEBUG: 14276: OpenProcessHandler: Injection info created for process 928, handle 0x5cc: C:\\Windows\\System32\\svchost.exe\n2026-05-28 17:44:25,470 [root] DEBUG: 14276: OpenProcessHandler: Image base for process 928 (handle 0x5cc): 0x00007FF7B7570000.\n2026-05-28 17:44:25,603 [root] DEBUG: Loader: Injecting process 2700 (thread 3912) with C:\\q61py415\\dll\\wXsOlW.dll.\n2026-05-28 17:44:25,690 [root] DEBUG: 14276: OpenProcessHandler: Injection info created for process 420, handle 0x5cc: C:\\Windows\\System32\\svchost.exe\n2026-05-28 17:44:25,816 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-05-28 17:44:25,893 [root] DEBUG: 14276: OpenProcessHandler: Image base for process 420 (handle 0x5cc): 0x00007FF7B7570000.\n2026-05-28 17:44:25,978 [root] DEBUG: Successfully injected DLL C:\\q61py415\\dll\\wXsOlW.dll.\n2026-05-28 17:44:26,066 [root] DEBUG: 14276: OpenProcessHandler: Injection info created for process 688, handle 0x5cc: C:\\Windows\\System32\\svchost.exe\n2026-05-28 17:44:26,194 [lib.api.process] INFO: Injected into 64-bit <Process 2700 dllhost.exe>\n2026-05-28 17:44:26,286 [root] DEBUG: 14276: OpenProcessHandler: Image base for process 688 (handle 0x5cc): 0x00007FF7B7570000.\n2026-05-28 17:44:26,410 [root] INFO: Announced 64-bit process name: dllhost.exe pid: 2700\n2026-05-28 17:44:26,508 [lib.api.process] INFO: Monitor config for process 2700: C:\\q61py415\\dll\\2700.ini\n2026-05-28 17:44:26,574 [lib.api.process] INFO: Option 'interactive' with value '1' sent to monitor\n2026-05-28 17:44:26,574 [root] DEBUG: 14276: OpenProcessHandler: Injection info created for process 1108, handle 0x5cc: C:\\Windows\\System32\\svchost.exe\n",
    "errors": []
  },
  "network": {},
  "url": {
    "whois": "Name: None\nCountry: None\nState: None\nCity: None\nZIP Code: None\nAddress: None\n\nOrginization: None\nDomain Name(s):\n    None\nCreation Date:\n    None\nUpdated Date:\n    None\nExpiration Date:\n    None\nEmail(s):\n    None\n\nRegistrar(s):\n    None\nName Server(s):\n    None\nReferral URL(s):\n    None",
    "virustotal": {
      "error": true,
      "msg": "Unable to complete connection to VirusTotal. Status code: 429"
    }
  },
  "target": {
    "category": "url"
  },
  "url_analysis": {
    "url": "https://sugarcraft(dot)net/"
  },
  "procmemory": [],
  "signatures": [
    {
      "name": "antivm_checks_available_memory",
      "description": "Checks available memory",
      "categories": [
        "antivm"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 14276,
          "cid": 8405
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "queries_computer_name",
      "description": "Queries computer hostname",
      "categories": [
        "system_discovery"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 14276,
          "cid": 1492
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "queries_keyboard_layout",
      "description": "Queries the keyboard layout",
      "categories": [
        "location_discovery"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 14276,
          "cid": 622
        },
        {
          "type": "call",
          "pid": 14276,
          "cid": 647
        },
        {
          "type": "call",
          "pid": 14276,
          "cid": 783
        },
        {
          "type": "call",
          "pid": 14276,
          "cid": 904
        },
        {
          "type": "call",
          "pid": 14276,
          "cid": 910
        },
        {
          "type": "call",
          "pid": 14276,
          "cid": 2308
        },
        {
          "type": "call",
          "pid": 14276,
          "cid": 2354
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "queries_locale_api",
      "description": "Queries the computer locale (possible geofencing)",
      "categories": [
        "location_discovery",
        "geofence"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 14276,
          "cid": 456
        },
        {
          "type": "call",
          "pid": 14276,
          "cid": 532
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "antidebug_setunhandledexceptionfilter",
      "description": "SetUnhandledExceptionFilter detected (possible anti-debug)",
      "categories": [
        "anti-debug"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 40,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 12320,
          "cid": 165
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "language_check_registry",
      "description": "Checks system language via registry key (possible geofencing)",
      "categories": [
        "location_discovery",
        "geofence"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-AU"
        },
        {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-AU"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "privilege_elevation_check",
      "description": "Queries process token information to check for Administrator privileges or UAC elevation status",
      "categories": [
        "discovery",
        "privilege_escalation"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 80,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 12320,
          "cid": 885
        },
        {
          "type": "call",
          "pid": 12320,
          "cid": 886
        },
        {
          "type": "call",
          "pid": 12320,
          "cid": 3828
        },
        {
          "type": "call",
          "pid": 12320,
          "cid": 3829
        },
        {
          "type": "call",
          "pid": 12320,
          "cid": 4173
        },
        {
          "type": "call",
          "pid": 12320,
          "cid": 4176
        },
        {
          "type": "call",
          "pid": 12320,
          "cid": 4489
        },
        {
          "type": "call",
          "pid": 12320,
          "cid": 4490
        },
        {
          "type": "call",
          "pid": 14276,
          "cid": 9439
        },
        {
          "type": "call",
          "pid": 14276,
          "cid": 9440
        },
        {
          "type": "call",
          "pid": 14276,
          "cid": 9520
        },
        {
          "type": "call",
          "pid": 14276,
          "cid": 9521
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "query_fips_reconnaissance",
      "description": "Queried the FIPS cryptography policy, can be used to adapt C2 network encryption or by legitimate encryption software",
      "categories": [
        "discovery",
        "c2"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 50,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 14276,
          "cid": 326
        },
        {
          "type": "call",
          "pid": 14276,
          "cid": 327
        },
        {
          "type": "call",
          "pid": 14276,
          "cid": 330
        },
        {
          "type": "call",
          "pid": 14276,
          "cid": 332
        },
        {
          "type": "call",
          "pid": 14276,
          "cid": 333
        },
        {
          "behavioral_fips_reconnaissance": [
            "Taskmgr.exe (PID: 14276) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE'",
            "Taskmgr.exe (PID: 14276) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled'",
            "Taskmgr.exe (PID: 14276) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy'",
            "Taskmgr.exe (PID: 14276) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled'",
            "Taskmgr.exe (PID: 14276) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy'"
          ]
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "mountpoints_volume_discovery",
      "description": "Queries the mount points and then resolves volume paths to enumerate storage devices",
      "categories": [
        "discovery",
        "ransomware",
        "wiper"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 20,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 12320,
          "cid": 4036
        },
        {
          "type": "call",
          "pid": 12320,
          "cid": 4041
        },
        {
          "type": "call",
          "pid": 12320,
          "cid": 4053
        },
        {
          "type": "call",
          "pid": 12320,
          "cid": 4094
        },
        {
          "type": "call",
          "pid": 12320,
          "cid": 4101
        },
        {
          "type": "call",
          "pid": 12320,
          "cid": 4109
        },
        {
          "type": "call",
          "pid": 12320,
          "cid": 4112
        },
        {
          "type": "call",
          "pid": 12320,
          "cid": 4118
        },
        {
          "type": "call",
          "pid": 12320,
          "cid": 4129
        },
        {
          "type": "call",
          "pid": 12320,
          "cid": 4132
        },
        {
          "type": "call",
          "pid": 12320,
          "cid": 4139
        },
        {
          "type": "call",
          "pid": 12320,
          "cid": 4151
        },
        {
          "type": "call",
          "pid": 12320,
          "cid": 4155
        },
        {
          "type": "call",
          "pid": 12320,
          "cid": 4161
        },
        {
          "type": "call",
          "pid": 14276,
          "cid": 9101
        },
        {
          "type": "call",
          "pid": 14276,
          "cid": 9102
        },
        {
          "type": "call",
          "pid": 14276,
          "cid": 9107
        },
        {
          "type": "call",
          "pid": 14276,
          "cid": 9115
        },
        {
          "type": "call",
          "pid": 14276,
          "cid": 9141
        },
        {
          "type": "call",
          "pid": 14276,
          "cid": 9144
        },
        {
          "type": "call",
          "pid": 14276,
          "cid": 9149
        },
        {
          "type": "call",
          "pid": 14276,
          "cid": 9158
        },
        {
          "type": "call",
          "pid": 14276,
          "cid": 9160
        },
        {
          "type": "call",
          "pid": 14276,
          "cid": 9165
        },
        {
          "type": "call",
          "pid": 14276,
          "cid": 9174
        },
        {
          "type": "call",
          "pid": 14276,
          "cid": 9176
        },
        {
          "type": "call",
          "pid": 14276,
          "cid": 9181
        },
        {
          "type": "call",
          "pid": 14276,
          "cid": 9190
        },
        {
          "type": "call",
          "pid": 14276,
          "cid": 9192
        },
        {
          "type": "call",
          "pid": 14276,
          "cid": 9197
        },
        {
          "type": "call",
          "pid": 14276,
          "cid": 9560
        },
        {
          "type": "call",
          "pid": 14276,
          "cid": 10500
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "dllload_suspicious_directory",
      "description": "A DLL was loaded from a suspicious directory",
      "categories": [
        "side loading"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 50,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 2208,
          "cid": 124
        },
        {
          "suspicious_dll_load": "Process msedge.exe loaded a DLL from a suspicious directory, this is possibly indicative of DLL side loading/search order hijacking"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "registers_vectored_exception_handler",
      "description": "Registers a vectored exception handler (VEH), possibly to hijack execution flow",
      "categories": [
        "evasion",
        "execution",
        "injection"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 80,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 12320,
          "cid": 166
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "creates_suspended_process",
      "description": "Creates a process in a suspended state, likely for injection",
      "categories": [
        "injection",
        "process hollowing"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 50,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 4248,
          "cid": 58
        },
        {
          "type": "call",
          "pid": 4248,
          "cid": 507
        },
        {
          "type": "call",
          "pid": 2072,
          "cid": 119
        },
        {
          "type": "call",
          "pid": 2072,
          "cid": 164
        },
        {
          "type": "call",
          "pid": 2072,
          "cid": 245
        },
        {
          "type": "call",
          "pid": 2072,
          "cid": 251
        },
        {
          "type": "call",
          "pid": 2072,
          "cid": 289
        },
        {
          "type": "call",
          "pid": 2072,
          "cid": 363
        },
        {
          "type": "call",
          "pid": 2208,
          "cid": 111
        },
        {
          "type": "call",
          "pid": 2208,
          "cid": 112
        },
        {
          "type": "call",
          "pid": 2208,
          "cid": 113
        },
        {
          "type": "call",
          "pid": 2208,
          "cid": 114
        },
        {
          "type": "call",
          "pid": 2208,
          "cid": 125
        },
        {
          "type": "call",
          "pid": 2208,
          "cid": 133
        },
        {
          "type": "call",
          "pid": 2208,
          "cid": 134
        },
        {
          "type": "call",
          "pid": 2208,
          "cid": 173
        },
        {
          "type": "call",
          "pid": 2208,
          "cid": 179
        },
        {
          "type": "call",
          "pid": 2208,
          "cid": 185
        },
        {
          "type": "call",
          "pid": 2208,
          "cid": 188
        },
        {
          "type": "call",
          "pid": 2208,
          "cid": 190
        },
        {
          "type": "call",
          "pid": 2208,
          "cid": 193
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "resumethread_remote_process",
      "description": "Resumed a thread in another process",
      "categories": [
        "injection",
        "unpacking"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "thread_resumed": "Process explorer.exe with process ID 4248 resumed a thread in another process with the process ID 14276"
        },
        {
          "type": "call",
          "pid": 4248,
          "cid": 513
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "reads_memory_remote_process",
      "description": "Reads from the memory of another process",
      "categories": [
        "memory scraping",
        "injection"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "read_memory": "Process taskmgr.exe with process ID 14276 read from the memory of process handle 0x000005cc"
        },
        {
          "type": "call",
          "pid": 14276,
          "cid": 10863
        },
        {
          "type": "call",
          "pid": 14276,
          "cid": 10864
        },
        {
          "type": "call",
          "pid": 14276,
          "cid": 10865
        },
        {
          "type": "call",
          "pid": 14276,
          "cid": 10977
        },
        {
          "type": "call",
          "pid": 14276,
          "cid": 10978
        },
        {
          "type": "call",
          "pid": 14276,
          "cid": 10979
        },
        {
          "type": "call",
          "pid": 14276,
          "cid": 11012
        },
        {
          "type": "call",
          "pid": 14276,
          "cid": 11013
        },
        {
          "type": "call",
          "pid": 14276,
          "cid": 11014
        },
        {
          "type": "call",
          "pid": 14276,
          "cid": 11050
        },
        {
          "type": "call",
          "pid": 14276,
          "cid": 11051
        },
        {
          "type": "call",
          "pid": 14276,
          "cid": 11052
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "discover_registry_mount_points",
      "description": "Queries registry mount points to identify historical or connected removable/network drives",
      "categories": [
        "discovery",
        "ransomware",
        "wiper"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 20,
      "references": [],
      "data": [
        {
          "mount_point_key": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e32a94c0-5af2-11f1-ae2c-806e6f6e6963}\\"
        },
        {
          "mount_point_key": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-300300000000}\\Data"
        },
        {
          "mount_point_key": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e32a94c0-5af2-11f1-ae2c-806e6f6e6963}\\Generation"
        },
        {
          "mount_point_key": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-c0dd0e000000}\\Data"
        },
        {
          "mount_point_key": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-100000000000}\\Data"
        },
        {
          "mount_point_key": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-100000000000}\\Generation"
        },
        {
          "mount_point_key": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-300300000000}\\"
        },
        {
          "mount_point_key": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e32a94c0-5af2-11f1-ae2c-806e6f6e6963}\\Data"
        },
        {
          "mount_point_key": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-100000000000}\\"
        },
        {
          "mount_point_key": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-c0dd0e000000}\\"
        },
        {
          "mount_point_key": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-300300000000}\\Generation"
        },
        {
          "mount_point_key": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{528c102f-0000-0000-0000-c0dd0e000000}\\Generation"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "antisandbox_unhook",
      "description": "Tries to unhook or modify Windows functions monitored by CAPE",
      "categories": [
        "anti-sandbox"
      ],
      "severity": 3,
      "weight": 1,
      "confidence": 60,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 12320,
          "cid": 2411
        },
        {
          "unhook": "function_name: CommandLineToArgvW, type: restored"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    }
  ],
  "malscore": 9.399999999999999,
  "ttps": [
    {
      "signature": "antisandbox_unhook",
      "ttps": [
        "T1562.001",
        "T1562"
      ],
      "mbcs": [
        "OB0001",
        "B0003",
        "OB0006",
        "F0004",
        "F0004.003"
      ]
    },
    {
      "signature": "antivm_checks_available_memory",
      "ttps": [
        "T1082"
      ],
      "mbcs": []
    },
    {
      "signature": "privilege_elevation_check",
      "ttps": [
        "T1033",
        "T1082"
      ],
      "mbcs": []
    },
    {
      "signature": "query_fips_reconnaissance",
      "ttps": [
        "T1082"
      ],
      "mbcs": []
    },
    {
      "signature": "mountpoints_volume_discovery",
      "ttps": [
        "T1082"
      ],
      "mbcs": []
    },
    {
      "signature": "dllload_suspicious_directory",
      "ttps": [
        "T1574"
      ],
      "mbcs": [
        "F0015"
      ]
    },
    {
      "signature": "registers_vectored_exception_handler",
      "ttps": [
        "T1055",
        "T1574"
      ],
      "mbcs": []
    },
    {
      "signature": "creates_suspended_process",
      "ttps": [
        "T1055"
      ],
      "mbcs": []
    },
    {
      "signature": "resumethread_remote_process",
      "ttps": [
        "T1055"
      ],
      "mbcs": []
    },
    {
      "signature": "discover_registry_mount_points",
      "ttps": [
        "T1082"
      ],
      "mbcs": []
    }
  ],
  "malstatus": "Malicious"
}